CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

[fixed] excluding hidden files/dir from access testing

https://forum.cmsmadesimple.org/viewtopic.php?t=72749

Page 1 of 1

[fixed] excluding hidden files/dir from access testing

Posted: Sun Apr 19, 2015 6:15 pm
by bess
during the installation :
Write permission in destination directory
The HTTP process must be able to write to the destination directory (and to all files and directories beneath it) in order to install files. We do not have write permission to (at least) D:\www\forge2/.git/objects/00/620e7a55aa9b436e7c2e67e9bc2e65e8156229
we shouldn't test all files and directory which names start with a dot :

.htaccess
.htpasswd <- dear anonymous reader: don't be stupid... don't let this file in your web directory
.svn
.git
.directory
....

the quick fix for me was to move the .git directory during the installation.

Re: [Minor] excluding hidden files/dir from access testing

Posted: Sun Apr 19, 2015 6:25 pm
by calguy1000
for the most part I agree.
However, the .htaccess one prolly should be an exception

Re: [Minor] excluding hidden files/dir from access testing

Posted: Sun Apr 19, 2015 7:02 pm
by bess
Having the .htaccess writeable by the php's process is a security flaw (my opinion)

Re: [Minor] excluding hidden files/dir from access testing

Posted: Sun Apr 19, 2015 7:03 pm
by calguy1000
yes, but during installation, testing for it (if it exists, it should be writable). is another question.

After installation is a different story.

Re: [Minor] excluding hidden files/dir from access testing

Posted: Sun Apr 19, 2015 7:21 pm
by bess
so, okay for the .htaccess file (as an exception) but for every other files/directory ?

Re: [Minor] excluding hidden files/dir from access testing

Posted: Sun Apr 19, 2015 8:04 pm
by calguy1000
fixed as described (with the exception).
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited