X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=src%2FModule%2FInstall.php;h=de19bc86ab81da9e1248cb21f0b292dcdcf7e878;hb=f4dfd4f6490dd965651aeb5fa8d39e0d566ed413;hp=2defe24adf648296fcb6002166b150cc5a0fbe44;hpb=fa1328625cfa539bba0f8b244ef1e6073030b5bf;p=friendica.git diff --git a/src/Module/Install.php b/src/Module/Install.php index 2defe24adf..de19bc86ab 100644 --- a/src/Module/Install.php +++ b/src/Module/Install.php @@ -4,11 +4,10 @@ namespace Friendica\Module; use Friendica\App; use Friendica\BaseModule; -use Friendica\Database\DBA; -use Friendica\Database\DBStructure; use Friendica\Core; use Friendica\Core\L10n; use Friendica\Core\Renderer; +use Friendica\Util\Strings; use Friendica\Util\Temporal; class Install extends BaseModule @@ -44,6 +43,10 @@ class Install extends BaseModule { $a = self::getApp(); + if (!$a->getMode()->isInstall()) { + Core\System::httpExit(403); + } + // route: install/testrwrite // $baseurl/install/testrwrite to test if rewrite in .htaccess is working if ($a->getArgumentValue(1, '') == 'testrewrite') { @@ -70,13 +73,13 @@ class Install extends BaseModule break; case self::SITE_SETTINGS: - $dbhost = notags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST))); - $dbuser = notags(trim(defaults($_POST, 'dbuser', ''))); - $dbpass = notags(trim(defaults($_POST, 'dbpass', ''))); - $dbdata = notags(trim(defaults($_POST, 'dbdata', ''))); + $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST))); + $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', ''))); + $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', ''))); + $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', ''))); // If we cannot connect to the database, return to the previous step - if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) { + if (!self::$installer->checkDB($a->getBasePath(), $a->getConfigCache(), $a->getProfiler(), $dbhost, $dbuser, $dbpass, $dbdata)) { self::$currentWizardStep = self::DATABASE_CONFIG; } @@ -84,16 +87,16 @@ class Install extends BaseModule case self::FINISHED: $urlpath = $a->getURLPath(); - $dbhost = notags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST))); - $dbuser = notags(trim(defaults($_POST, 'dbuser', ''))); - $dbpass = notags(trim(defaults($_POST, 'dbpass', ''))); - $dbdata = notags(trim(defaults($_POST, 'dbdata', ''))); - $timezone = notags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ))); - $language = notags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG))); - $adminmail = notags(trim(defaults($_POST, 'adminmail', ''))); + $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST))); + $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', ''))); + $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', ''))); + $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', ''))); + $timezone = Strings::escapeTags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ))); + $language = Strings::escapeTags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG))); + $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', ''))); // If we cannot connect to the database, return to the Database config wizard - if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) { + if (!self::$installer->checkDB($a->getBasePath(), $a->getConfigCache(), $a->getProfiler(), $dbhost, $dbuser, $dbpass, $dbdata)) { self::$currentWizardStep = self::DATABASE_CONFIG; return; } @@ -104,7 +107,7 @@ class Install extends BaseModule return; } - self::$installer->installDatabase(); + self::$installer->installDatabase($a->getBasePath()); break; } @@ -139,12 +142,12 @@ class Install extends BaseModule break; case self::DATABASE_CONFIG: - $dbhost = notags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST))); - $dbuser = notags(trim(defaults($_POST, 'dbuser' , '' ))); - $dbpass = notags(trim(defaults($_POST, 'dbpass' , '' ))); - $dbdata = notags(trim(defaults($_POST, 'dbdata' , '' ))); - $phpath = notags(trim(defaults($_POST, 'phpath' , '' ))); - $adminmail = notags(trim(defaults($_POST, 'adminmail', '' ))); + $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST))); + $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser' , '' ))); + $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass' , '' ))); + $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata' , '' ))); + $phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath' , '' ))); + $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '' ))); $tpl = Renderer::getMarkupTemplate('install_db.tpl'); $output .= Renderer::replaceMacros($tpl, [ @@ -190,13 +193,13 @@ class Install extends BaseModule break; case self::SITE_SETTINGS: - $dbhost = notags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST))); - $dbuser = notags(trim(defaults($_POST, 'dbuser', '' ))); - $dbpass = notags(trim(defaults($_POST, 'dbpass', '' ))); - $dbdata = notags(trim(defaults($_POST, 'dbdata', '' ))); - $phpath = notags(trim(defaults($_POST, 'phpath', '' ))); + $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST))); + $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '' ))); + $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '' ))); + $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '' ))); + $phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath', '' ))); - $adminmail = notags(trim(defaults($_POST, 'adminmail', ''))); + $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', ''))); $timezone = defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ); /* Installed langs */ @@ -253,6 +256,7 @@ class Install extends BaseModule * @param App $a The global App * * @return string The text for the next steps + * @throws \Friendica\Network\HTTPException\InternalServerErrorException */ private static function whatNext($a) {