From cc6c529562ef5751133d97e3fec067c0072f215b Mon Sep 17 00:00:00 2001 From: berumuron Date: Fri, 26 Mar 2021 19:41:33 +0100 Subject: tec: Remove data/do-install.txt (#3555) * Remove file data/do-install.txt This file was painful during update because we had to remember to delete it each time. It added a security issue by allowing an attacker to reinstall FreshRSS during the update process. The (more powerful) file data/applied_migrations.txt has been introduced in 8619cf6fa to replace do-install.txt. We had to wait for at least one release in order to make sure existing instances of FreshRSS created the migration file. It should be ok now. * Replace i18n install.not_deleted key * Update documentation to update FreshRSS --- p/i/index.php | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) (limited to 'p/i') diff --git a/p/i/index.php b/p/i/index.php index cd82ae538..3591c4446 100755 --- a/p/i/index.php +++ b/p/i/index.php @@ -23,7 +23,10 @@ require(__DIR__ . '/../../constants.php'); require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader -if (file_exists(DATA_PATH . '/do-install.txt')) { +$migrations_path = APP_PATH . '/migrations'; +$applied_migrations_path = DATA_PATH . '/applied_migrations.txt'; + +if (!file_exists($applied_migrations_path)) { require(APP_PATH . '/install.php'); } else { session_cache_limiter(''); @@ -42,22 +45,6 @@ if (file_exists(DATA_PATH . '/do-install.txt')) { } } - $migrations_path = APP_PATH . '/migrations'; - $applied_migrations_path = DATA_PATH . '/applied_migrations.txt'; - - // The next line is temporary: the migrate method expects the applied_migrations.txt - // file to exist. This is because the install script creates this file, so - // if it is missing, it means the application is not installed. But we - // should also take care of applications installed before the new - // migrations system (<=1.16). Indeed, they are installed but the migrations - // version file doesn't exist. So for now (1.17), we continue to check if the - // application is installed with the do-install.txt file: if yes, we create - // the version file. Starting from version 1.18, all the installed systems - // will have the file and so we will be able to remove this temporary line - // and stop using the do-install.txt file to check if FRSS is already - // installed. - touch($applied_migrations_path); - $error = false; try { // Apply the migrations if any -- cgit v1.2.3