Show a warning in the installer if .htaccess is not working

3eb43c1f · Lukas Reschke · 9458a6c1 · 3eb43c1f · 3eb43c1f
Commit 3eb43c1f authored 12 years ago by Lukas Reschke
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -26,6 +26,12 @@
 		<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>		
 	</fieldset>
 	<?php endif; ?>
+	<?php if(!$_['htaccessWorking']): ?>
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+		<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>		
+	</fieldset>
+	<?php endif; ?>
 	<fieldset>
 		<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
 		<p class="infield">

--- a/lib/setup.php
+++ b/lib/setup.php
@@ -6,6 +6,12 @@ $hasPostgreSQL = is_callable('pg_connect');
 $hasOracle = is_callable('oci_connect');
 $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');

+// Test if  .htaccess is working
+$content = "<Directory /data>\n";
+$content.= "Deny from All\n";
+$content.= "</Directory>";
+file_put_contents(OC::$SERVERROOT.'/data/.htaccess', $content);
+
 $opts = array(
 	'hasSQLite' => $hasSQLite,
 	'hasMySQL' => $hasMySQL,
@@ -13,6 +19,7 @@ $opts = array(
 	'hasOracle' => $hasOracle,
 	'directory' => $datadir,
 	'secureRNG' => OC_Util::secureRNG_available(),
+	'htaccessWorking' => OC_Util::ishtaccessworking(),
 	'errors' => array(),
 );