In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details [ Jump to Notes ] [ Wiki ] [ Related Changesets ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Type

Reproducibility

Date Submitted

Last Update

0000180

[In-Portal CMS] Install / Upgrages

feature request

N/A

2009-08-04 18:40

2009-10-03 07:56

Reporter

Dmitry

View Status

public

Project Name

In-Portal CMS

Assigned To

alex

Developer

Priority

normal

Resolution

fixed

Fixed in Version

5.0.1

Status

closed

Product Version

5.0.0

Target Version

5.0.1

Time Estimate

No estimate

Summary

0000180: Add "Security Check" Step to Installation process

Description

Add "Security Check" Step to Installation process, after Theme selection.

1. Permissions Check:

- /index.php (Secure (in greed) or Vulnerable)
- /config.php (Secure (in greed) or Vulnerable)
- /admin/index.php (Secure (in greed) or Vulnerable)

Message for users (don't include this line):

[MESSAGE IN RED]
For security reasons it's highly recommended to set 755 permissions on above files to prevent hacking attempts.
[/MESSAGE IN RED]

2. Executing PHP in writable folders:

- Result of creating and executing PHP file(s) in /system (or /system/images) (Secure (in greed) or Vulnerable (in red))

Message for users if Failed (don't include this line):

[MESSAGE IN RED]
For security reasons it's highly recommended disable the access (execution) to PHP files within /system folder and it's subfolders.
[/MESSAGE IN RED]

You can do this by:

- changing your httpd.conf file to deny requests for all *.php files.

- renaming .htaccess-sample (located in /system) to .htaccess so it overrides default Apache settings.

Note that "AllowOverride LIMIT" option option should be enabled by your host.

Additional Information

Tags

No tags attached.

Reference

Change Log Message

Estimate Points

Attached Files

Relationships [ Relation Graph ] [ Dependency Graph ]

Notes
(0000251) alex (manager) 2009-08-05 10:59	Fix committed to 5.0.x branch. Commit Message: 1. Fixes 0000180: Add "Security Check" Step to Installation process. 2. Iframe in thickbox windows was 1px lower, then window as the result vertical scrollbar was overlapping with bottom border of window. 3. Bug 0000073: In-Portal CMS No Color in Header (missed SQL data for skins). 4. ADMIN_DIRECTORY constant converted from safeDefine to define.

(0000252) alex (manager) 2009-08-05 11:02	Reminder sent to: Dmitry Check moved from "admin/index.php" file to newly created "security" step in installation process. New step will be in each installation preset (e.g. installation maintenance, license change etc.). Please review design of that step, seems a little bit unfinished to me. Also add help text for this step in file: "core/install/steps_db.xml".

(0000729) administrator (administrator) 2009-10-03 07:56	Closing issues from 5.0.1 version, because version was already released.

Related Changesets
In-Portal CMS: 5.0.x r12199 Timestamp: 2009-08-05 10:59:15 Author: alex [ Details ] [ Diff ]	1. Fixes 0000180: Add "Security Check" Step to Installation process. 2. Iframe in thickbox windows was 1px lower, then window as the result vertical scrollbar was overlapping with bottom border of window. 3. Bug 0000073: In-Portal CMS No Color in Header (missed SQL data for skins). 4. ADMIN_DIRECTORY constant converted from safeDefine to define.
	mod - /in-portal/branches/5.0.x/admin/index.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/admin_templates/js/jquery/thickbox/thickbox.css	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/install/incs/install.tpl	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/install/install_data.sql	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/install/install_toolkit.php	[ Diff ] [ File ]
	add - /in-portal/branches/5.0.x/core/install/step_templates/security.tpl	[ File ]
	mod - /in-portal/branches/5.0.x/core/install/steps_db.xml	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/install.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/kernel/globals.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.0.x/core/kernel/startup.php	[ Diff ] [ File ]

In-Portal CMS: 5.0.x r12175 Timestamp: 2009-08-04 18:44:05 Author: Dmitry [ Details ] [ Diff ]	1. Bug 0000180: Add "Security Check" Step to Installation process 2. Removed .lang (exported languages) and .txt (robots.txt fails) extensions from Deny
	mod - /in-portal/branches/5.0.x/tools/.htaccess	[ Diff ] [ File ]

In-Portal CMS: 5.0.x r12174 Timestamp: 2009-08-04 18:43:00 Author: Dmitry [ Details ] [ Diff ]	1. Bug 0000180: Add "Security Check" Step to Installation process 2. Added sample .htaccess
	add - /in-portal/branches/5.0.x/system/.htaccess-sample	[ File ]

Issue History
Date Modified	Username	Field	Change
2009-10-03 07:56	administrator	Note Added: 0000729
2009-10-03 07:56	administrator	Status	resolved => closed
2009-09-18 07:22	alex	Type	bug report => feature request
2009-09-18 07:22	alex	Reproducibility	always => N/A
2009-08-05 11:02	alex	Note Added: 0000252
2009-08-05 11:00	alex	Fixed in Version	=> 5.0.1
2009-08-05 10:59	alex	Note Added: 0000251
2009-08-05 10:59	alex	Status	reviewed and tested => resolved
2009-08-05 10:59	alex	Resolution	open => fixed
2009-08-05 10:59	alex	Changeset attached	5.0.x r12199
2009-08-04 19:15	Dmitry	Priority	critical => normal
2009-08-04 19:15	Dmitry	Priority	normal => critical
2009-08-04 18:55	Dmitry	Category	Security => Install / Upgrages
2009-08-04 18:44	Dmitry	Changeset attached	5.0.x r12175
2009-08-04 18:43	Dmitry	Changeset attached	5.0.x r12174
2009-08-04 18:40	Dmitry	New Issue
2009-08-04 18:40	Dmitry	Status	active => reviewed and tested
2009-08-04 18:40	Dmitry	Assigned To	=> alex

Web Development by Intechnic

In-Portal Open Source CMS