View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001379 | OXID eShop (all versions) | 6. ------ Setup ------- | public | 2009-10-07 15:27 | 2009-10-23 12:46 |
| Reporter | marco_steinhaeuser | Assigned To | |||
| Priority | high | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.1.6 revision 22740 | ||||
| Fixed in Version | 4.2.0 revision 23610 | ||||
| Summary | 0001379: chmod 0644 config.inc.php after setup process | ||||
| Description | During the setup process, the setup routine chmod's the config.inc.php to 0755 to make it writable. The setup routine shall certainly consider to chmod 0644 once config data where written to the file ;) | ||||
| Tags | No tags attached. | ||||
| Theme | |||||
| Browser | All | ||||
| PHP Version | 5.2.6 | ||||
| Database Version | 5.0.33 | ||||
|
|
And - if easily possible - Show a warning near the warning about the /setup/ folder, that config.inc.php is still writable if not set to 0644. |
|
|
If possible it should set permissions BACK to previous permission set instead of just unassigning writeable permissions.. |
|
|
Check how well known applications: http://www.prestashop.com/en/downloads/ http://www.zen-cart.com/ http://www.pragmamx.org/Downloads-op-view-lid-731.html (german) http://wordpress.org/ do handle "installation wise permission settings and use this as best practice |
|
|
added warning messages to setup last step and admin home page: 'SETUP_CONFIG_PERMISSIONS' => "WICHTIG: Aus Sicherheitsgründen setzen Sie Ihre config.inc.php Datei auf read-only-Modus!", 'SETUP_CONFIG_PERMISSIONS' => "Due to security reasons put your config.inc.php file to read-only mode!", |
