[!!!][SECURITY] Allow first install only with FIRST_INSTALL file 12/28612/5
author Helmut Hummel <helmut.hummel@typo3.org>
Thu, 27 Feb 2014 14:09:23 +0000 (15:09 +0100)
committer Helmut Hummel <helmut.hummel@typo3.org>
Fri, 21 Mar 2014 17:42:24 +0000 (18:42 +0100)
commit 915acbde458fe3c31091bda6068b9dcee1439227
tree f866e64e82f2ff0115dc9e56cd8e623a724677cd
parent 01806417edf5b566dd4db2b6519923a10f3f7cf5
[!!!][SECURITY] Allow first install only with FIRST_INSTALL file

It was previously possible to access the install tool
by using a specially crafted URL, which caused
the install tool enable file check to fail.

As there was no easy solution to solve this issue,
we now introduce the need to create a file on first
install.

So in the installation directory the following must
be present:

d typo3
f index.php
f FIRST_INSTALL

After the installation the file will be removed.

Resolves: #55387
Releases: 6.2
Change-Id: I583581f18b939ba032950451bab17ac20131683b
Reviewed-on: https://review.typo3.org/28612
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/install/Classes/Controller/AbstractController.php
typo3/sysext/install/Classes/Controller/Action/Common/AccessNotAllowedAction.php [new file with mode: 0644]
typo3/sysext/install/Classes/Controller/Action/Step/EnvironmentAndFolders.php
typo3/sysext/install/Classes/Controller/AjaxController.php
typo3/sysext/install/Classes/Service/EnableFileService.php
typo3/sysext/install/Resources/Private/Templates/Action/Common/AccessNotAllowed.html [new file with mode: 0644]
typo3/sysext/install/Start/Install.php