[!!!][SECURITY] Allow first install only with FIRST_INSTALL file
It was previously possible to access the install tool by using a specially crafted URL, which caused the install tool enable file check to fail. As there was no easy solution to solve this issue, we now introduce the need to create a file on first install. So in the installation directory the following must be present: d typo3 f index.php f FIRST_INSTALL After the installation the file will be removed. Resolves: #55387 Releases: 6.2 Change-Id: I583581f18b939ba032950451bab17ac20131683b Reviewed-on: https://review.typo3.org/28612 Reviewed-by: Markus Klein Tested-by: Markus Klein Reviewed-by: Helmut Hummel Tested-by: Helmut Hummel
Showing
- typo3/sysext/install/Classes/Controller/AbstractController.php 21 additions, 6 deletions.../sysext/install/Classes/Controller/AbstractController.php
- typo3/sysext/install/Classes/Controller/Action/Common/AccessNotAllowedAction.php 42 additions, 0 deletions...asses/Controller/Action/Common/AccessNotAllowedAction.php
- typo3/sysext/install/Classes/Controller/Action/Step/EnvironmentAndFolders.php 2 additions, 0 deletions.../Classes/Controller/Action/Step/EnvironmentAndFolders.php
- typo3/sysext/install/Classes/Controller/AjaxController.php 4 additions, 8 deletionstypo3/sysext/install/Classes/Controller/AjaxController.php
- typo3/sysext/install/Classes/Service/EnableFileService.php 33 additions, 0 deletionstypo3/sysext/install/Classes/Service/EnableFileService.php
- typo3/sysext/install/Resources/Private/Templates/Action/Common/AccessNotAllowed.html 25 additions, 0 deletions...ces/Private/Templates/Action/Common/AccessNotAllowed.html
- typo3/sysext/install/Start/Install.php 11 additions, 13 deletionstypo3/sysext/install/Start/Install.php
Please register or sign in to comment