[BUGFIX] Install tool stays open if ENABLE_INSTALL_TOOL is not writable
authorLucas Jenss <lucas@gosign.de>
Sun, 11 Sep 2011 23:10:26 +0000 (01:10 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 26 Oct 2011 22:13:42 +0000 (00:13 +0200)
Recognize if the ENABLE_INSTALL_TOOL file deletion fails
and keep the install tool closed in this case.

Change-Id: I78e1990b6a0b66ef8804ede9bbfa3546b08d4067
Fixes: #29674
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/4906
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
typo3/install/index.php

index 9217408..b8fdc88 100755 (executable)
@@ -56,6 +56,10 @@ if (is_file($quickstartFile) && is_writeable($quickstartFile) && unlink($quickst
        touch($enableInstallToolFile);
 }
 
+       // Additional security measure if ENABLE_INSTALL_TOOL file cannot, but
+       // should be deleted (in case it is write-protected, for example).
+$removeInstallToolFileFailed = FALSE;
+
        // Only allow Install Tool access if the file "typo3conf/ENABLE_INSTALL_TOOL" is found
 if (is_file($enableInstallToolFile) && (time() - filemtime($enableInstallToolFile) > 3600)) {
        $content = file_get_contents($enableInstallToolFile);
@@ -63,12 +67,14 @@ if (is_file($enableInstallToolFile) && (time() - filemtime($enableInstallToolFil
 
        if (trim($content) !== $verifyString) {
                        // Delete the file if it is older than 3600s (1 hour)
-               unlink($enableInstallToolFile);
+               if (!@unlink($enableInstallToolFile)) {
+                       $removeInstallToolFileFailed = TRUE;
+               }
        }
 }
 
        // Change 1==2 to 1==1 if you want to lock the Install Tool regardless of the file ENABLE_INSTALL_TOOL
-if (1==2 || !is_file($enableInstallToolFile)) {
+if (1==2 || !is_file($enableInstallToolFile) || $removeInstallToolFileFailed) {
                // Include t3lib_div and t3lib_parsehtml for templating
        require_once($PATH_site . '/t3lib/class.t3lib_div.php');
        require_once($PATH_site . '/t3lib/class.t3lib_parsehtml.php');
@@ -108,7 +114,7 @@ if (1==2 || !is_file($enableInstallToolFile)) {
                                For security reasons, it is highly recommended that you either rename or delete the file after the operation is finished.
                        </p>
                        <p>
-                               As an additional security measure, if the file is older than one hour, TYPO3 will automatically delete it.
+                               As an additional security measure, if the file is older than one hour, TYPO3 will automatically delete it. The file must be writable by the web server user.
                        </p>
                '
        );