| author | 2014-09-17 14:07:52 +0200 | |
|---|---|---|
| committer | 2014-09-17 14:07:52 +0200 | |
| commit | 75bf305b2f084958d43689b3781d03a29cc21f60 (patch) | |
| tree | b700e12f1a5b1e847d2ad485295e5355a6031904 | |
| parent | 3b8c381689334a15e7c034425f8615860dc3fa13 (diff) | |
Test HTTP REFERER in install.php
Test is actually basic, we need to use
Minz_Request::isRefererFromSameDomain() method to improve checking
| -rw-r--r-- | app/i18n/install.en.php | 2 | ||||
| -rw-r--r-- | app/i18n/install.fr.php | 2 | ||||
| -rw-r--r-- | app/install.php | 11 |
3 files changed, 14 insertions, 1 deletions
diff --git a/app/i18n/install.en.php b/app/i18n/install.en.php
index 50208fcef..487b5073a 100644
--- a/app/i18n/install.en.php
+++ b/app/i18n/install.en.php
@@ -42,6 +42,8 @@ return array (
 'data_is_ok' => 'Permissions on data directory are good',
 'persona_is_ok' => 'Permissions on Mozilla Persona directory are good',
 'file_is_nok' => 'Check permissions on <em>%s</em> directory. HTTP server must have rights to write into',
+ 'http_referer_is_ok' => 'Your HTTP REFERER is known and corresponds to your server.',
+ 'http_referer_is_nok' => 'Please check you are not altering your HTTP REFERER.',
 'fix_errors_before' => 'Fix errors before skip to the next step.',
 'general_conf_is_ok' => 'General configuration has been saved.',
diff --git a/app/i18n/install.fr.php b/app/i18n/install.fr.php
index 9c039f904..785c02459 100644
--- a/app/i18n/install.fr.php
+++ b/app/i18n/install.fr.php
@@ -42,6 +42,8 @@ return array (
 'data_is_ok' => 'Les droits sur le répertoire de data sont bons',
 'persona_is_ok' => 'Les droits sur le répertoire de Mozilla Persona sont bons',
 'file_is_nok' => 'Veuillez vérifier les droits sur le répertoire <em>%s</em>. Le serveur HTTP doit être capable d’écrire dedans',
+ 'http_referer_is_ok' => 'Le HTTP REFERER est connu et semble correspondre à votre serveur.',
+ 'http_referer_is_nok' => 'Veuillez vérifier que vous ne modifiez pas votre HTTP REFERER.',
 'fix_errors_before' => 'Veuillez corriger les erreurs avant de passer à l’étape suivante.',
 'general_conf_is_ok' => 'La configuration générale a été enregistrée.',
diff --git a/app/install.php b/app/install.php
index 8986e9965..f31764545 100644
--- a/app/install.php
+++ b/app/install.php
@@ -307,6 +307,7 @@ function checkStep1() {
 $log = LOG_PATH && is_writable(LOG_PATH);
 $favicons = is_writable(DATA_PATH . '/favicons');
 $persona = is_writable(DATA_PATH . '/persona');
+ $http_referer = !empty($_SERVER['HTTP_REFERER']);
 return array(
 'php' => $php ? 'ok' : 'ko',
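Review bot: `$http_referer = !empty($_SERVER['HTTP_REFERER']);` in checkStep1() tests only that the header is present, never that its host is this server, so a request issued from another site passes whenever the browser sends a Referer, and a client that strips the header is reported as failing the installation check. The `http_referer_is_ok` strings added in both i18n files nevertheless tell the user the value "corresponds to your server", which this line does not establish. Until the host is actually compared, I would add a comment such as `// presence only: does not prove the request came from this host` and soften the message; a per-session token checked on each installer POST would be the more dependable control, since Referer is client-supplied and optional. checkStep1() begins before this hunk and continues in the next one.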
@@ -323,8 +324,10 @@ function checkStep1() {
 'log' => $log ? 'ok' : 'ko',
 'favicons' => $favicons ? 'ok' : 'ko',
 'persona' => $persona ? 'ok' : 'ko',
+ 'http_referer' => $http_referer ? 'ok' : 'ko',
 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom &&
- $data && $cache && $log && $favicons && $persona ? 'ok' : 'ko'
+ $data && $cache && $log && $favicons && $persona && $http_referer ?
+ 'ok' : 'ko'
 );
 }
@@ -548,6 +551,12 @@ function printStep1() {
 <p class="alert alert-error"><span class="alert-head"><?php echo _t('damn'); ?></span> <?php echo _t('file_is_nok', DATA_PATH . '/persona'); ?></p>
 <?php } ?>
+ <?php if ($res['http_referer'] == 'ok') { ?>
+ <p class="alert alert-success"><span class="alert-head"><?php echo _t('ok'); ?></span> <?php echo _t('http_referer_is_ok'); ?></p>
+ <?php } else { ?>
+ <p class="alert alert-error"><span class="alert-head"><?php echo _t('damn'); ?></span> <?php echo _t('http_referer_is_nok'); ?></p>
+ <?php } ?>
+
 <?php if ($res['all'] == 'ok') { ?>
 <a class="btn btn-important next-step" href="?step=2"><?php echo _t('next_step'); ?></a>
 <?php } else { ?> |
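Review bot: In printStep1() a failed referer check only changes what is rendered: `$res['all']` decides whether the `?step=2` link is shown, and nothing visible in this commit makes the later steps refuse a request on that basis. If the check is meant as a defence against cross-site requests, it has to be enforced where each step's submitted data is processed, which is outside these hunks, rather than in the step 1 status list. As a smaller point, the new branch compares with `$res['http_referer'] == 'ok'`; `=== 'ok'` would avoid loose comparison, although the neighbouring `$res['all'] == 'ok'` follows the same older style. printStep1() starts and ends outside the hunk.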
