Issues in Installer.php - New Issues - Inspection of "Merge pull request #7052 from sminnee/director-mid..." - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( daed8c...cf758d )

by Damian

created 2017-06-27 02:21 UTC

src/Dev/Install/Installer.php (2 issues)

Labels

Bug 2

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SilverStripe\Dev\Install;

use Exception;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session;
use SilverStripe\Core\CoreKernel;
use SilverStripe\Control\HTTPApplication;
use SilverStripe\Core\Kernel;
use SilverStripe\Core\Startup\ParameterConfirmationToken;
use SilverStripe\ORM\DatabaseAdmin;
use SilverStripe\Security\DefaultAdminService;
use SilverStripe\Security\Security;

/**
 * SilverStripe CMS SilverStripe\Dev\Install\Installer
 * This installer doesn't use any of the fancy SilverStripe stuff in case it's unsupported.
 */
class Installer extends InstallRequirements
{
    public function __construct()
    {
        // Cache the baseDir value
        $this->getBaseDir();
    }

    protected function installHeader()
    {
        ?>
        <html>
        <head>
            <meta charset="utf-8"/>
            <title>Installing SilverStripe...</title>
            <link rel="stylesheet" type="text/css"
                  href="framework/src/Dev/Install/client/styles/install.css"/>
            <script src="//code.jquery.com/jquery-1.7.2.min.js"></script>
        </head>
        <body>
        <div class="install-header">
            <div class="inner">
                <div class="brand">
                    <span class="logo"></span>

                    <h1>SilverStripe</h1>
                </div>
            </div>
        </div>

        <div id="Navigation">&nbsp;</div>
        <div class="clear"><!-- --></div>

        <div class="main">
            <div class="inner">
                <h2>Installing SilverStripe...</h2>

                <p>I am now running through the installation steps (this should take about 30 seconds)</p>

                <p>If you receive a fatal error, refresh this page to continue the installation</p>
                <ul>
        <?php
    }

    public function install($config)
    {
        // Render header
        $this->installHeader();

        $webserver = $this->findWebserver();
        $isIIS = $this->isIIS();
        $isApache = $this->isApache();

        flush();

        if (isset($config['stats'])) {
            if (file_exists(FRAMEWORK_PATH . '/silverstripe_version')) {
                $silverstripe_version = file_get_contents(FRAMEWORK_PATH . '/silverstripe_version');
            } else {
                $silverstripe_version = "unknown";
            }

            $phpVersion = urlencode(phpversion());
            $encWebserver = urlencode($webserver);
            $dbType = $config['db']['type'];

            // Try to determine the database version from the helper
            $databaseVersion = $config['db']['type'];
            $helper = $this->getDatabaseConfigurationHelper($dbType);
            if ($helper && method_exists($helper, 'getDatabaseVersion')) {
                $versionConfig = $config['db'][$dbType];
                $versionConfig['type'] = $dbType;
                $databaseVersion = urlencode($dbType . ': ' . $helper->getDatabaseVersion($versionConfig));
            }

            $url = "http://ss2stat.silverstripe.com/Installation/add?SilverStripe=$silverstripe_version&PHP=$phpVersion&Database=$databaseVersion&WebServer=$encWebserver";

            if (isset($_SESSION['StatsID']) && $_SESSION['StatsID']) {
                $url .= '&ID=' . $_SESSION['StatsID'];
            }

            @$_SESSION['StatsID'] = file_get_contents($url);
        }

        if (file_exists('mysite/_config.php')) {
            // Truncate the contents of _config instead of deleting it - we can't re-create it because Windows handles permissions slightly
            // differently to UNIX based filesystems - it takes the permissions from the parent directory instead of retaining them
            $fh = fopen('mysite/_config.php', 'wb');
            fclose($fh);
        }

        // Escape user input for safe insertion into PHP file
        $theme = isset($_POST['template']) ? addcslashes($_POST['template'], "\'") : 'simple';
        $locale = isset($_POST['locale']) ? addcslashes($_POST['locale'], "\'") : 'en_US';
        $type = addcslashes($config['db']['type'], "\'");
        $dbConfig = $config['db'][$type];
        foreach ($dbConfig as &$configValue) {
            $configValue = addcslashes($configValue, "\\\'");
        }
        if (!isset($dbConfig['path'])) {
            $dbConfig['path'] = '';
        }
        if (!$dbConfig) {
            echo "<p style=\"color: red\">Bad config submitted</p><pre>";
            print_r($config);
            echo "</pre>";
            die();
        }

        // Write the config file
        global $usingEnv;
        if ($usingEnv) {
            $this->statusMessage("Setting up 'mysite/_config.php' for use with environment variables...");
            $this->writeToFile("mysite/_config.php", "<?php\n ");
        } else {
            $this->statusMessage("Setting up 'mysite/_config.php'...");
            // Create databaseConfig
            $lines = array(
                $lines[] = "    'type' => '$type'"
            );
            foreach ($dbConfig as $key => $value) {
                $lines[] = "    '{$key}' => '$value'";
            }
            $databaseConfigContent = implode(",\n", $lines);
            $this->writeToFile("mysite/_config.php", <<<PHP
<?php

use SilverStripe\\ORM\\DB;

DB::setConfig([
{$databaseConfigContent}
]);

PHP
            );
        }

        $this->statusMessage("Setting up 'mysite/_config/config.yml'");
        $this->writeToFile("mysite/_config/config.yml", <<<YML
---
Name: mysite
---
# YAML configuration for SilverStripe
# See http://doc.silverstripe.org/framework/en/topics/configuration
# Caution: Indentation through two spaces, not tabs
SilverStripe\\View\\SSViewer:
  themes:
    - '$theme'
    - '\$default'
SilverStripe\\i18n\\i18n:
  default_locale: '$locale'
YML
        );

        if (!$this->checkModuleExists('cms')) {
            $this->writeToFile("mysite/code/RootURLController.php", <<<PHP
<?php

use SilverStripe\\Control\\Controller;

class RootURLController extends Controller {

    public function index() {
        echo "<html>Your site is now set up. Start adding controllers to mysite to get started.</html>";
    }

}
PHP
            );
        }

        // Write the appropriate web server configuration file for rewriting support
        if ($this->hasRewritingCapability()) {
            if ($isApache) {
                $this->statusMessage("Setting up '.htaccess' file...");
                $this->createHtaccess();
            } elseif ($isIIS) {
                $this->statusMessage("Setting up 'web.config' file...");
                $this->createWebConfig();
            }
        }

        // Mock request
        $session = new Session(isset($_SESSION) ? $_SESSION : array());
        $request = new HTTPRequest('GET', '/');
        $request->setSession($session);

        // Install kernel (fix to dev)
        $kernel = new CoreKernel(BASE_PATH);
        $kernel->setEnvironment(Kernel::DEV);
        $app = new HTTPApplication($kernel);

        // Build db within HTTPApplication
        $app->execute($request, function (HTTPRequest $request) use ($config) {
            // Start session and execute
            $request->getSession()->init();


            // Output status
            $this->statusMessage("Building database schema...");

            // Setup DB
            $dbAdmin = new DatabaseAdmin();
            $dbAdmin->setRequest($request);
            $dbAdmin->pushCurrent();
            $dbAdmin->doInit();
            $dbAdmin->doBuild(true);

            // Create default administrator user and group in database
            // (not using Security::setDefaultAdmin())
            $adminMember = DefaultAdminService::singleton()->findOrCreateDefaultAdmin();
            $adminMember->Email = $config['admin']['username'];
            $adminMember->Password = $config['admin']['password'];
            $adminMember->PasswordEncryption = Security::config()->get('encryption_algorithm');

            try {
                $this->statusMessage('Creating default CMS admin account...');
                $adminMember->write();
            } catch (Exception $e) {
                $this->statusMessage(
                    sprintf('Warning: Default CMS admin account could not be created (error: %s)', $e->getMessage())
                );
            }

            $request->getSession()->set('username', $config['admin']['username']);
            $request->getSession()->set('password', $config['admin']['password']);
            $request->getSession()->save();

        }, true);

        // Check result of install
        if (!$this->errors) {
            if (isset($_SERVER['HTTP_HOST']) && $this->hasRewritingCapability()) {
                $this->statusMessage("Checking that friendly URLs work...");
                $this->checkRewrite();
            } else {
                $token = new ParameterConfirmationToken('flush', $request);
                $params = http_build_query($token->params());

                $destinationURL = 'index.php/' .
                    ($this->checkModuleExists('cms') ? "home/successfullyinstalled?$params" : "?$params");

                echo <<<HTML
                <li>SilverStripe successfully installed; I am now redirecting you to your SilverStripe site...</li>
                <script>
                    setTimeout(function() {
                        window.location = "$destinationURL";
                    }, 2000);
                </script>
                <noscript>
                <li><a href="$destinationURL">Click here to access your site.</a></li>
                </noscript>
HTML;
            }
        }

        return $this->errors;
    }

    public function writeToFile($filename, $content)
    {
        $base = $this->getBaseDir();
        $this->statusMessage("Setting up $base$filename");

        if ((@$fh = fopen($base . $filename, 'wb')) && fwrite($fh, $content) && fclose($fh)) {
            return true;
        }
        $this->error("Couldn't write to file $base$filename");
        return false;
    }

    public function createHtaccess()
    {
        $start = "### SILVERSTRIPE START ###\n";
        $end = "\n### SILVERSTRIPE END ###";

        $base = dirname($_SERVER['SCRIPT_NAME']);
        if (defined('DIRECTORY_SEPARATOR')) {
            $base = str_replace(DIRECTORY_SEPARATOR, '/', $base);
        } else {
            $base = str_replace("\\", '/', $base);
        }

        if ($base != '.') {
            $baseClause = "RewriteBase '$base'\n";
        } else {
            $baseClause = "";
        }
        if (strpos(strtolower(php_sapi_name()), "cgi") !== false) {
            $cgiClause = "RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\n";
        } else {
            $cgiClause = "";
        }
        $rewrite = <<<TEXT
# Deny access to templates (but allow from localhost)
<Files *.ss>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
    Order deny,allow
    Deny from all
</Files>

# Deny access to YAML configuration files which might include sensitive information
<Files *.yml>
    Order allow,deny
    Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_rewrite.c>

    # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
    <IfModule mod_dir.c>
        DirectoryIndex disabled
    </IfModule>

    SetEnv HTTP_MOD_REWRITE On
    RewriteEngine On
    $baseClause
    $cgiClause

    # Deny access to potentially sensitive files and folders
    RewriteRule ^vendor(/|$) - [F,L,NC]
    RewriteRule silverstripe-cache(/|$) - [F,L,NC]
    RewriteRule composer\.(json|lock) - [F,L,NC]

    # Process through SilverStripe if no file with the requested name exists.
    # Pass through the original path as a query parameter, and retain the existing parameters.
    RewriteCond %{REQUEST_URI} ^(.*)$
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule .* framework/main.php?url=%1 [QSA]
</IfModule>
TEXT;

        if (file_exists('.htaccess')) {
            $htaccess = file_get_contents('.htaccess');

            if (strpos($htaccess, '### SILVERSTRIPE START ###') === false
                && strpos($htaccess, '### SILVERSTRIPE END ###') === false
            ) {
                $htaccess .= "\n### SILVERSTRIPE START ###\n### SILVERSTRIPE END ###\n";
            }

            if (strpos($htaccess, '### SILVERSTRIPE START ###') !== false
                && strpos($htaccess, '### SILVERSTRIPE END ###') !== false
            ) {
                $start = substr($htaccess, 0, strpos($htaccess, '### SILVERSTRIPE START ###'))
                    . "### SILVERSTRIPE START ###\n";
                $end = "\n" . substr($htaccess, strpos($htaccess, '### SILVERSTRIPE END ###'));
            }
        }

        $this->writeToFile('.htaccess', $start . $rewrite . $end);
    }

    /**
     * Writes basic configuration to the web.config for IIS
     * so that rewriting capability can be use.
     */
    public function createWebConfig()
    {
        $content = <<<TEXT
<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <hiddenSegments applyToWebDAV="false">
                    <add segment="silverstripe-cache" />
                    <add segment="vendor" />
                    <add segment="composer.json" />
                    <add segment="composer.lock" />
                </hiddenSegments>
                <fileExtensions allowUnlisted="true" >
                    <add fileExtension=".ss" allowed="false"/>
                    <add fileExtension=".yml" allowed="false"/>
                </fileExtensions>
            </requestFiltering>
        </security>
        <rewrite>
            <rules>
                <rule name="SilverStripe Clean URLs" stopProcessing="true">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="framework/main.php?url={R:1}" appendQueryString="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
TEXT;

        $this->writeToFile('web.config', $content);
    }

    public function checkRewrite()
    {
        $token = new ParameterConfirmationToken('flush', new HTTPRequest('GET', '/'));
        $params = http_build_query($token->params());

        $destinationURL = str_replace('install.php', '', $_SERVER['SCRIPT_NAME']) .
            ($this->checkModuleExists('cms') ? "home/successfullyinstalled?$params" : "?$params");

        echo <<<HTML
<li id="ModRewriteResult">Testing...</li>
<script>
    if (typeof $ == 'undefined') {
        document.getElemenyById('ModeRewriteResult').innerHTML = "I can't run jQuery ajax to set rewriting; I will redirect you to the homepage to see if everything is working.";
        setTimeout(function() {
            window.location = "$destinationURL";
        }, 10000);
    } else {
        $.ajax({
            method: 'get',
            url: 'InstallerTest/testrewrite',
            complete: function(response) {
                var r = response.responseText.replace(/[^A-Z]?/g,"");
                if (r === "OK") {
                    $('#ModRewriteResult').html("Friendly URLs set up successfully; I am now redirecting you to your SilverStripe site...")
                    setTimeout(function() {
                        window.location = "$destinationURL";
                    }, 2000);
                } else {
                    $('#ModRewriteResult').html("Friendly URLs are not working. This is most likely because a rewrite module isn't configured "
                        + "correctly on your site. You may need to get your web host or server administrator to do this for you: "
                        + "<ul>"
                        + "<li><strong>mod_rewrite</strong> or other rewrite module is enabled on your web server</li>"
                        + "<li><strong>AllowOverride All</strong> is set for the directory where SilverStripe is installed</li>"
                        + "</ul>");
                }
            }
        });
    }
</script>
<noscript>
    <li><a href="$destinationURL">Click here</a> to check friendly URLs are working. If you get a 404 then something is wrong.</li>
</noscript>
HTML;
    }

    public function var_export_array_nokeys($array)
    {
        $retval = "array(\n";
        foreach ($array as $item) {
            $retval .= "\t'";
            $retval .= trim($item);
            $retval .= "',\n";
        }
        $retval .= ")";
        return $retval;
    }

    /**
     * Show an installation status message.
     * The output differs depending on whether this is CLI or web based
     *
     * @param string $msg
     */
    public function statusMessage($msg)
    {
        echo "<li>$msg</li>\n";
        flush();
    }
}


1			<?php
2
3			namespace SilverStripe\Dev\Install;
4
5			use Exception;
6			use SilverStripe\Control\HTTPRequest;
7			use SilverStripe\Control\Session;
8			use SilverStripe\Core\CoreKernel;
9			use SilverStripe\Control\HTTPApplication;
10			use SilverStripe\Core\Kernel;
11			use SilverStripe\Core\Startup\ParameterConfirmationToken;
12			use SilverStripe\ORM\DatabaseAdmin;
13			use SilverStripe\Security\DefaultAdminService;
14			use SilverStripe\Security\Security;
15
16			/**
17			* SilverStripe CMS SilverStripe\Dev\Install\Installer
18			* This installer doesn't use any of the fancy SilverStripe stuff in case it's unsupported.
19			*/
20			class Installer extends InstallRequirements
21			{
22			public function __construct()
23			{
24			// Cache the baseDir value
25			$this->getBaseDir();
26			}
27
28			protected function installHeader()
29			{
30			?>
31			<html>
32			<head>
33			<meta charset="utf-8"/>
34			<title>Installing SilverStripe...</title>
35			<link rel="stylesheet" type="text/css"
36			href="framework/src/Dev/Install/client/styles/install.css"/>
37			<script src="//code.jquery.com/jquery-1.7.2.min.js"></script>
38			</head>
39			<body>
40			<div class="install-header">
41			<div class="inner">
42			<div class="brand">
43			<span class="logo"></span>
44
45			<h1>SilverStripe</h1>
46			</div>
47			</div>
48			</div>
49
50			<div id="Navigation"> </div>
51			<div class="clear"><!-- --></div>
52
53			<div class="main">
54			<div class="inner">
55			<h2>Installing SilverStripe...</h2>
56
57			<p>I am now running through the installation steps (this should take about 30 seconds)</p>
58
59			<p>If you receive a fatal error, refresh this page to continue the installation</p>
60			<ul>
61			<?php
62			}
63
64			public function install($config)
65			{
66			// Render header
67			$this->installHeader();
68
69			$webserver = $this->findWebserver();
70			$isIIS = $this->isIIS();
71			$isApache = $this->isApache();
72
73			flush();
74
75			if (isset($config['stats'])) {
76			if (file_exists(FRAMEWORK_PATH . '/silverstripe_version')) {
77			$silverstripe_version = file_get_contents(FRAMEWORK_PATH . '/silverstripe_version');
78			} else {
79			$silverstripe_version = "unknown";
80			}
81
82			$phpVersion = urlencode(phpversion());
83			$encWebserver = urlencode($webserver);
84			$dbType = $config['db']['type'];
85
86			// Try to determine the database version from the helper
87			$databaseVersion = $config['db']['type'];
88			$helper = $this->getDatabaseConfigurationHelper($dbType);
89			if ($helper && method_exists($helper, 'getDatabaseVersion')) {
90			$versionConfig = $config['db'][$dbType];
91			$versionConfig['type'] = $dbType;
92			$databaseVersion = urlencode($dbType . ': ' . $helper->getDatabaseVersion($versionConfig));
93			}
94
95			$url = "http://ss2stat.silverstripe.com/Installation/add?SilverStripe=$silverstripe_version&PHP=$phpVersion&Database=$databaseVersion&WebServer=$encWebserver";
96
97			if (isset($_SESSION['StatsID']) && $_SESSION['StatsID']) {
98			$url .= '&ID=' . $_SESSION['StatsID'];
99			}
100
101			@$_SESSION['StatsID'] = file_get_contents($url);
102			}
103
104			if (file_exists('mysite/_config.php')) {
105			// Truncate the contents of _config instead of deleting it - we can't re-create it because Windows handles permissions slightly
106			// differently to UNIX based filesystems - it takes the permissions from the parent directory instead of retaining them
107			$fh = fopen('mysite/_config.php', 'wb');
108			fclose($fh);
109			}
110
111			// Escape user input for safe insertion into PHP file
112			$theme = isset($_POST['template']) ? addcslashes($_POST['template'], "\'") : 'simple';
113			$locale = isset($_POST['locale']) ? addcslashes($_POST['locale'], "\'") : 'en_US';
114			$type = addcslashes($config['db']['type'], "\'");
115			$dbConfig = $config['db'][$type];
116			foreach ($dbConfig as &$configValue) {
117			$configValue = addcslashes($configValue, "\\\'");
118			}
119			if (!isset($dbConfig['path'])) {
120			$dbConfig['path'] = '';
121			}
122			if (!$dbConfig) {
123			echo "<p style=\"color: red\">Bad config submitted</p><pre>";
124			print_r($config);
125			echo "</pre>";
126			die();
127			}
128
129			// Write the config file
130			global $usingEnv;
131			if ($usingEnv) {
132			$this->statusMessage("Setting up 'mysite/_config.php' for use with environment variables...");
133			$this->writeToFile("mysite/_config.php", "<?php\n ");
134			} else {
135			$this->statusMessage("Setting up 'mysite/_config.php'...");
136			// Create databaseConfig
137			$lines = array(
138			$lines[] = " 'type' => '$type'"
139			);
140			foreach ($dbConfig as $key => $value) {
141			$lines[] = " '{$key}' => '$value'";
142			}
143			$databaseConfigContent = implode(",\n", $lines);
144			$this->writeToFile("mysite/_config.php", <<<PHP
145			<?php
146
147			use SilverStripe\\ORM\\DB;
148
149			DB::setConfig([
150			{$databaseConfigContent}
151			]);
152
153			PHP
154			);
155			}
156
157			$this->statusMessage("Setting up 'mysite/_config/config.yml'");
158			$this->writeToFile("mysite/_config/config.yml", <<<YML
159			---
160			Name: mysite
161			---
162			# YAML configuration for SilverStripe
163			# See http://doc.silverstripe.org/framework/en/topics/configuration
164			# Caution: Indentation through two spaces, not tabs
165			SilverStripe\\View\\SSViewer:
166			themes:
167			- '$theme'
168			- '\$default'
169			SilverStripe\\i18n\\i18n:
170			default_locale: '$locale'
171			YML
172			);
173
174			if (!$this->checkModuleExists('cms')) {
175			$this->writeToFile("mysite/code/RootURLController.php", <<<PHP
176			<?php
177
178			use SilverStripe\\Control\\Controller;
179
180			class RootURLController extends Controller {
181
182			public function index() {
183			echo "<html>Your site is now set up. Start adding controllers to mysite to get started.</html>";
184			}
185
186			}
187			PHP
188			);
189			}
190
191			// Write the appropriate web server configuration file for rewriting support
192			if ($this->hasRewritingCapability()) {
193			if ($isApache) {
194			$this->statusMessage("Setting up '.htaccess' file...");
195			$this->createHtaccess();
196			} elseif ($isIIS) {
197			$this->statusMessage("Setting up 'web.config' file...");
198			$this->createWebConfig();
199			}
200			}
201
202			// Mock request
203			$session = new Session(isset($_SESSION) ? $_SESSION : array());
204			$request = new HTTPRequest('GET', '/');
205			$request->setSession($session);
206
207			// Install kernel (fix to dev)
208			$kernel = new CoreKernel(BASE_PATH);
209			$kernel->setEnvironment(Kernel::DEV);
210			$app = new HTTPApplication($kernel);
211
212			// Build db within HTTPApplication
213			$app->execute($request, function (HTTPRequest $request) use ($config) {
214			// Start session and execute
215			$request->getSession()->init();
			0 ignored issues – show Bug introduced 2017-06-25 06:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `init()` misses a required argument `$request`. This check looks for function calls that miss required arguments. Loading history...
216
217			// Output status
218			$this->statusMessage("Building database schema...");
219
220			// Setup DB
221			$dbAdmin = new DatabaseAdmin();
222			$dbAdmin->setRequest($request);
223			$dbAdmin->pushCurrent();
224			$dbAdmin->doInit();
225			$dbAdmin->doBuild(true);
226
227			// Create default administrator user and group in database
228			// (not using Security::setDefaultAdmin())
229			$adminMember = DefaultAdminService::singleton()->findOrCreateDefaultAdmin();
230			$adminMember->Email = $config['admin']['username'];
231			$adminMember->Password = $config['admin']['password'];
232			$adminMember->PasswordEncryption = Security::config()->get('encryption_algorithm');
233
234			try {
235			$this->statusMessage('Creating default CMS admin account...');
236			$adminMember->write();
237			} catch (Exception $e) {
238			$this->statusMessage(
239			sprintf('Warning: Default CMS admin account could not be created (error: %s)', $e->getMessage())
240			);
241			}
242
243			$request->getSession()->set('username', $config['admin']['username']);
244			$request->getSession()->set('password', $config['admin']['password']);
245			$request->getSession()->save();
			0 ignored issues – show Bug introduced 2017-06-25 06:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `save()` misses a required argument `$request`. This check looks for function calls that miss required arguments. Loading history...
246			}, true);
247
248			// Check result of install
249			if (!$this->errors) {
250			if (isset($_SERVER['HTTP_HOST']) && $this->hasRewritingCapability()) {
251			$this->statusMessage("Checking that friendly URLs work...");
252			$this->checkRewrite();
253			} else {
254			$token = new ParameterConfirmationToken('flush', $request);
255			$params = http_build_query($token->params());
256
257			$destinationURL = 'index.php/' .
258			($this->checkModuleExists('cms') ? "home/successfullyinstalled?$params" : "?$params");
259
260			echo <<<HTML
261			<li>SilverStripe successfully installed; I am now redirecting you to your SilverStripe site...</li>
262			<script>
263			setTimeout(function() {
264			window.location = "$destinationURL";
265			}, 2000);
266			</script>
267			<noscript>
268			<li><a href="$destinationURL">Click here to access your site.</a></li>
269			</noscript>
270			HTML;
271			}
272			}
273
274			return $this->errors;
275			}
276
277			public function writeToFile($filename, $content)
278			{
279			$base = $this->getBaseDir();
280			$this->statusMessage("Setting up $base$filename");
281
282			if ((@$fh = fopen($base . $filename, 'wb')) && fwrite($fh, $content) && fclose($fh)) {
283			return true;
284			}
285			$this->error("Couldn't write to file $base$filename");
286			return false;
287			}
288
289			public function createHtaccess()
290			{
291			$start = "### SILVERSTRIPE START ###\n";
292			$end = "\n### SILVERSTRIPE END ###";
293
294			$base = dirname($_SERVER['SCRIPT_NAME']);
295			if (defined('DIRECTORY_SEPARATOR')) {
296			$base = str_replace(DIRECTORY_SEPARATOR, '/', $base);
297			} else {
298			$base = str_replace("\\", '/', $base);
299			}
300
301			if ($base != '.') {
302			$baseClause = "RewriteBase '$base'\n";
303			} else {
304			$baseClause = "";
305			}
306			if (strpos(strtolower(php_sapi_name()), "cgi") !== false) {
307			$cgiClause = "RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\n";
308			} else {
309			$cgiClause = "";
310			}
311			$rewrite = <<<TEXT
312			# Deny access to templates (but allow from localhost)
313			<Files *.ss>
314			Order deny,allow
315			Deny from all
316			Allow from 127.0.0.1
317			</Files>
318
319			# Deny access to IIS configuration
320			<Files web.config>
321			Order deny,allow
322			Deny from all
323			</Files>
324
325			# Deny access to YAML configuration files which might include sensitive information
326			<Files *.yml>
327			Order allow,deny
328			Deny from all
329			</Files>
330
331			# Route errors to static pages automatically generated by SilverStripe
332			ErrorDocument 404 /assets/error-404.html
333			ErrorDocument 500 /assets/error-500.html
334
335			<IfModule mod_rewrite.c>
336
337			# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
338			<IfModule mod_dir.c>
339			DirectoryIndex disabled
340			</IfModule>
341
342			SetEnv HTTP_MOD_REWRITE On
343			RewriteEngine On
344			$baseClause
345			$cgiClause
346
347			# Deny access to potentially sensitive files and folders
348			RewriteRule ^vendor(/\|$) - [F,L,NC]
349			RewriteRule silverstripe-cache(/\|$) - [F,L,NC]
350			RewriteRule composer\.(json\|lock) - [F,L,NC]
351
352			# Process through SilverStripe if no file with the requested name exists.
353			# Pass through the original path as a query parameter, and retain the existing parameters.
354			RewriteCond %{REQUEST_URI} ^(.*)$
355			RewriteCond %{REQUEST_FILENAME} !-f
356			RewriteRule .* framework/main.php?url=%1 [QSA]
357			</IfModule>
358			TEXT;
359
360			if (file_exists('.htaccess')) {
361			$htaccess = file_get_contents('.htaccess');
362
363			if (strpos($htaccess, '### SILVERSTRIPE START ###') === false
364			&& strpos($htaccess, '### SILVERSTRIPE END ###') === false
365			) {
366			$htaccess .= "\n### SILVERSTRIPE START ###\n### SILVERSTRIPE END ###\n";
367			}
368
369			if (strpos($htaccess, '### SILVERSTRIPE START ###') !== false
370			&& strpos($htaccess, '### SILVERSTRIPE END ###') !== false
371			) {
372			$start = substr($htaccess, 0, strpos($htaccess, '### SILVERSTRIPE START ###'))
373			. "### SILVERSTRIPE START ###\n";
374			$end = "\n" . substr($htaccess, strpos($htaccess, '### SILVERSTRIPE END ###'));
375			}
376			}
377
378			$this->writeToFile('.htaccess', $start . $rewrite . $end);
379			}
380
381			/**
382			* Writes basic configuration to the web.config for IIS
383			* so that rewriting capability can be use.
384			*/
385			public function createWebConfig()
386			{
387			$content = <<<TEXT
388			<?xml version="1.0" encoding="utf-8"?>
389			<configuration>
390			<system.webServer>
391			<security>
392			<requestFiltering>
393			<hiddenSegments applyToWebDAV="false">
394			<add segment="silverstripe-cache" />
395			<add segment="vendor" />
396			<add segment="composer.json" />
397			<add segment="composer.lock" />
398			</hiddenSegments>
399			<fileExtensions allowUnlisted="true" >
400			<add fileExtension=".ss" allowed="false"/>
401			<add fileExtension=".yml" allowed="false"/>
402			</fileExtensions>
403			</requestFiltering>
404			</security>
405			<rewrite>
406			<rules>
407			<rule name="SilverStripe Clean URLs" stopProcessing="true">
408			<match url="^(.*)$" />
409			<conditions>
410			<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
411			</conditions>
412			<action type="Rewrite" url="framework/main.php?url={R:1}" appendQueryString="true" />
413			</rule>
414			</rules>
415			</rewrite>
416			</system.webServer>
417			</configuration>
418			TEXT;
419
420			$this->writeToFile('web.config', $content);
421			}
422
423			public function checkRewrite()
424			{
425			$token = new ParameterConfirmationToken('flush', new HTTPRequest('GET', '/'));
426			$params = http_build_query($token->params());
427
428			$destinationURL = str_replace('install.php', '', $_SERVER['SCRIPT_NAME']) .
429			($this->checkModuleExists('cms') ? "home/successfullyinstalled?$params" : "?$params");
430
431			echo <<<HTML
432			<li id="ModRewriteResult">Testing...</li>
433			<script>
434			if (typeof $ == 'undefined') {
435			document.getElemenyById('ModeRewriteResult').innerHTML = "I can't run jQuery ajax to set rewriting; I will redirect you to the homepage to see if everything is working.";
436			setTimeout(function() {
437			window.location = "$destinationURL";
438			}, 10000);
439			} else {
440			$.ajax({
441			method: 'get',
442			url: 'InstallerTest/testrewrite',
443			complete: function(response) {
444			var r = response.responseText.replace(/[^A-Z]?/g,"");
445			if (r === "OK") {
446			$('#ModRewriteResult').html("Friendly URLs set up successfully; I am now redirecting you to your SilverStripe site...")
447			setTimeout(function() {
448			window.location = "$destinationURL";
449			}, 2000);
450			} else {
451			$('#ModRewriteResult').html("Friendly URLs are not working. This is most likely because a rewrite module isn't configured "
452			+ "correctly on your site. You may need to get your web host or server administrator to do this for you: "
453			+ "<ul>"
454			+ "<li><strong>mod_rewrite</strong> or other rewrite module is enabled on your web server</li>"
455			+ "<li><strong>AllowOverride All</strong> is set for the directory where SilverStripe is installed</li>"
456			+ "</ul>");
457			}
458			}
459			});
460			}
461			</script>
462			<noscript>
463			<li><a href="$destinationURL">Click here</a> to check friendly URLs are working. If you get a 404 then something is wrong.</li>
464			</noscript>
465			HTML;
466			}
467
468			public function var_export_array_nokeys($array)
469			{
470			$retval = "array(\n";
471			foreach ($array as $item) {
472			$retval .= "\t'";
473			$retval .= trim($item);
474			$retval .= "',\n";
475			}
476			$retval .= ")";
477			return $retval;
478			}
479
480			/**
481			* Show an installation status message.
482			* The output differs depending on whether this is CLI or web based
483			*
484			* @param string $msg
485			*/
486			public function statusMessage($msg)
487			{
488			echo "<li>$msg</li>\n";
489			flush();
490			}
491			}
492

silverstripe / silverstripe-framework

Push — master ( daed8c...cf758d )

src/Dev/Install/Installer.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like