From d78a25ee4edd9e1b2eb7ecb5b7a643180b515775 Mon Sep 17 00:00:00 2001
From: Stephen Abello
Date: Wed, 24 Aug 2022 16:33:54 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B05462=20Add=20a=20setup=20check=20to=20ve?= =?UTF-8?q?rify=20if=20directory-level=20configuration=20files=20(.htacces?= =?UTF-8?q?s=20and=20web.config)=20are=20used=20by=20the=20server?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 setup/permissions-test-folder/.htaccess | 13 +++++++++++++
 .../permissions-test-file | 0
 setup/permissions-test-folder/web.config | 13 +++++++++++++
 setup/setup.js | 13 +++++++++++++
 setup/wizardsteps.class.inc.php | 1 +
 5 files changed, 40 insertions(+)
 create mode 100644 setup/permissions-test-folder/.htaccess
 create mode 100644 setup/permissions-test-folder/permissions-test-subfolder/permissions-test-file
 create mode 100644 setup/permissions-test-folder/web.config
diff --git a/setup/permissions-test-folder/.htaccess b/setup/permissions-test-folder/.htaccess
new file mode 100644
index 000000000..782472c78
--- /dev/null
+++ b/setup/permissions-test-folder/.htaccess
@@ -0,0 +1,13 @@
+# Apache 2.4
+
+Require all denied
+
+
+# Apache 2.2
+
+deny from all
+Satisfy All
+
+
+# Apache 2.2 and 2.4
+IndexIgnore *
diff --git a/setup/permissions-test-folder/permissions-test-subfolder/permissions-test-file b/setup/permissions-test-folder/permissions-test-subfolder/permissions-test-file
new file mode 100644
index 000000000..e69de29bb
diff --git a/setup/permissions-test-folder/web.config b/setup/permissions-test-folder/web.config
new file mode 100644
index 000000000..58c9c3ac3
--- /dev/null
+++ b/setup/permissions-test-folder/web.config
@@ -0,0 +1,13 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/setup/setup.js b/setup/setup.js
index b83719322..62ae1b733 100644
--- a/setup/setup.js
+++ b/setup/setup.js
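Review bot: Nothing in the new `.htaccess` says that it is a probe for the setup wizard rather than protection for real data, so a later cleanup could delete or relax it without anyone noticing that the check added to `setup/setup.js` depends on it. A header comment would help, for example `# Setup probe: this folder must stay denied. The wizard requests permissions-test-subfolder/permissions-test-file and reports a security issue if the server answers 200.` The same applies to the sibling `web.config`, whose content is not readable on this page.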
@@ -51,4 +51,17 @@ function ExecuteStep(sStep)
 $('#wiz_form').data('installation_status', 'error');
 WizardUpdateButtons();
 } );
+}
+
+function CheckDirectoryConfFilesPermissions(sWikiVersion){
+ $.ajax('permissions-test-folder/permissions-test-subfolder/permissions-test-file',
+ {
+ statusCode: {
+ 200: function() {
+ $('#details').prepend('
Security issue: iTop is bundled with directory-level configuration files. You must check that those files will be read by your web server (eg.' +
+ 'AllowOverride directive should be set to All for Apache HTTP Server) see documentation.
');
+ $(' and 1 Security issue').insertBefore('h2.message button:first');
+ }
+ }
+ });
 }
\ No newline at end of file
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index 805a7de9e..81ff1c9c9 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -161,6 +161,7 @@ HTML
 $oPage->p('Sorry, the installation cannot continue. Please fix the errors and reload this page to launch the installation again.');
 $oPage->p('');
 }
+ $oPage->add_ready_script('CheckDirectoryConfFilesPermissions("'.utils::GetItopVersionWikiSyntax().'")');
 }
 
 public function CanMoveForward()
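Review bot: `CheckDirectoryConfFilesPermissions` registers a handler for status 200 only, so a 404 (probe file missing from the deployment), a 5xx or a failed request are all indistinguishable from a proper denial and the wizard stays silent, which means the check fails open. It would be safer to treat 403 as the expected answer and report anything else as inconclusive, e.g. by adding `error: function(oXhr) { if (oXhr.status !== 403) { /* show an 'unable to verify' warning */ } }` to the settings object. The probe is also a plain GET that a browser or proxy may answer from cache after the server configuration has changed; passing `cache: false` avoids a stale result. The warning is advisory only: nothing in this hunk prevents the installation from continuing.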
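Review bot: The argument of `CheckDirectoryConfFilesPermissions` is spliced into the ready script between hand-written double quotes, so a quote, a backslash or a `</script>` sequence in the value returned by `utils::GetItopVersionWikiSyntax()` would terminate the JavaScript string early. The value is presumably an internal version string rather than user input, but encoding it costs nothing and also adds the missing statement terminator: `$oPage->add_ready_script('CheckDirectoryConfFilesPermissions('.json_encode(utils::GetItopVersionWikiSyntax(), JSON_HEX_TAG).');');`. The enclosing method starts outside the hunk, so whether the call is meant to run on both the success and the error path cannot be confirmed from here.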