diff options
| author |  berumuron <dev@marienfressinaud.fr>
| 2021-03-26 19:41:33 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2021-03-26 19:41:33 +0100 |
| commit | cc6c529562ef5751133d97e3fec067c0072f215b (patch) | |
| tree | e96d2ae665eee11f45607d57ac612a7a7267e314 /p/i/index.php | |
| parent | eeff1a17b0ae13c32560e9d1b59c6e82965f3e6d (diff) | |
tec: Remove data/do-install.txt (#3555)
* Remove file data/do-install.txt
This file was painful during update because we had to remember to delete
it each time. It added a security issue by allowing an attacker to
reinstall FreshRSS during the update process.
The (more powerful) file data/applied_migrations.txt has been introduced
in 8619cf6fa to replace do-install.txt. We had to wait for at least one
release in order to make sure existing instances of FreshRSS created the
migration file. It should be ok now.
* Replace i18n install.not_deleted key
* Update documentation to update FreshRSS
Diffstat (limited to 'p/i/index.php')
| -rwxr-xr-x | p/i/index.php | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/p/i/index.php b/p/i/index.php index cd82ae538..3591c4446 100755 --- a/p/i/index.php +++ b/p/i/index.php @@ -23,7 +23,10 @@ require(__DIR__ . '/../../constants.php'); require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader -if (file_exists(DATA_PATH . '/do-install.txt')) { +$migrations_path = APP_PATH . '/migrations'; +$applied_migrations_path = DATA_PATH . '/applied_migrations.txt'; + +if (!file_exists($applied_migrations_path)) { require(APP_PATH . '/install.php'); } else { session_cache_limiter(''); @@ -42,22 +45,6 @@ if (file_exists(DATA_PATH . '/do-install.txt')) { } } - $migrations_path = APP_PATH . '/migrations'; - $applied_migrations_path = DATA_PATH . '/applied_migrations.txt'; - - // The next line is temporary: the migrate method expects the applied_migrations.txt - // file to exist. This is because the install script creates this file, so - // if it is missing, it means the application is not installed. But we - // should also take care of applications installed before the new - // migrations system (<=1.16). Indeed, they are installed but the migrations - // version file doesn't exist. So for now (1.17), we continue to check if the - // application is installed with the do-install.txt file: if yes, we create - // the version file. Starting from version 1.18, all the installed systems - // will have the file and so we will be able to remove this temporary line - // and stop using the do-install.txt file to check if FRSS is already - // installed. - touch($applied_migrations_path); - $error = false; try { // Apply the migrations if any |