Merge pull request #560 from partkeepr/PartKeepr-553

Fix for #553
partkeepr · Jan 11, 2016 · 8994391 · 8994391
2 parents 3418c69 + 2411147
commit 8994391
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,5 @@ app/config/parameters_setup.php
 /composer.phar
 
 !.keep
+!app/logs/.htaccess
+!app/logs/ignore.json
diff --git a/app/logs/.htaccess b/app/logs/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
diff --git a/web/setup/index.html b/web/setup/index.html
@@ -36,6 +36,7 @@
     <script type="text/javascript" src="js/SetupTests/GenerateAuthKey.js"></script>
     <script type="text/javascript" src="js/SetupTests/PHPTest.js"></script>
     <script type="text/javascript" src="js/SetupTests/WebserverTest.js"></script>
+    <script type="text/javascript" src="js/SetupTests/WebserverLogTest.js"></script>
     <script type="text/javascript" src="js/SetupTests/WebserverRewriteTest.js"></script>
     <script type="text/javascript" src="js/SetupTests/PHPPrerequisitesTest.js"></script>
     <script type="text/javascript" src="js/SetupTests/DatabaseConnectivityTest.js"></script>

diff --git a/web/setup/js/Cards/PrerequisitesTestCard.js b/web/setup/js/Cards/PrerequisitesTestCard.js
@@ -16,6 +16,7 @@ Ext.define('PartKeeprSetup.PrerequisitesTestCard', {
         this.tests.push(new PartKeeprSetup.PHPSettingsTest());
         this.tests.push(new PartKeeprSetup.WebserverTest());
         this.tests.push(new PartKeeprSetup.WebserverRewriteTest());
+        this.tests.push(new PartKeeprSetup.WebserverLogDirectoryTest());
         this.tests.push(new PartKeeprSetup.GenerateAuthKey());
     }
 });
diff --git a/web/setup/js/SetupTests/WebserverLogTest.js b/web/setup/js/SetupTests/WebserverLogTest.js
@@ -0,0 +1,42 @@
+/**
+ * Tests if the web server can handle pathInfo
+ */
+Ext.define('PartKeeprSetup.WebserverLogDirectoryTest', {
+    extend: 'PartKeeprSetup.AbstractTest',
+    url: '../../app/logs/ignore.json',
+    method: 'GET',
+    name: "PHP",
+    message: "app/logs access check",
+    onSuccess: function (response) {
+        var responseObj = Ext.decode(response.responseText);
+
+        if (responseObj.message && responseObj.message === "readable") {
+            this.success = false;
+            this.resultMessage = "Web Server misconfiguration";
+            this.errors = ['Your <code>app/logs</code> directory is readable. Please either move your web server\'s document root to the web/ directory or configure <code>app/logs</code> to disallow access. For further information please read <a href="https://wiki.partkeepr.org/wiki/KB00007:Prevent_Access_to_the_logs_directory" target="_blank">wiki about how to prevent access to the logs directory</a>'];
+
+            if (this.callback) {
+                this.callback.appendTestResult(this);
+            }
+
+            if (this.success) {
+                this.fireEvent("complete", this);
+            }
+
+        }
+    },
+    onFailure: function () {
+        this.success = true;
+        this.resultMessage = "app/logs not readable";
+
+        if (this.callback) {
+            this.callback.appendTestResult(this);
+        }
+
+        if (this.success) {
+            this.fireEvent("complete", this);
+        }
+
+
+    }
+});