In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

ID: 0000180
Category: [In-Portal CMS] Install / Upgrades
Type: feature request
Reproducibility: N/A
Date Submitted: 2009-08-04 18:40
Last Update: 2009-10-03 07:56
Reporter: Dmitry
View Status: public
Project Name: In-Portal CMS
Assigned To: alex
Developer:
Priority: normal
Resolution: fixed
Fixed in Version: 5.0.1
Status: closed
Product Version: 5.0.0
Target Version: 5.0.1
Time Estimate: No estimate
Summary: 0000180: Add "Security Check" Step to Installation process
Description: Add "Security Check" Step to Installation process, after Theme selection.

1. Permissions Check:

- /index.php (Secure (in green) or Vulnerable)
- /config.php (Secure (in green) or Vulnerable)
- /admin/index.php (Secure (in green) or Vulnerable)

Message for users (don't include this line):

[MESSAGE IN RED]
For security reasons it's highly recommended to set 755 permissions on the above files to prevent hacking attempts.
[/MESSAGE IN RED]


2. Executing PHP in writable folders:

- Result of creating and executing PHP file(s) in /system (or /system/images) (Secure (in green) or Vulnerable (in red))

Message for users if Failed (don't include this line):

[MESSAGE IN RED]
For security reasons it's highly recommended to disable the access (execution) to PHP files within the /system folder and its subfolders.
[/MESSAGE IN RED]

You can do this by:

- changing your httpd.conf file to deny requests for all *.php files.

- renaming .htaccess-sample (located in /system) to .htaccess so it overrides default Apache settings.

Note that the "AllowOverride LIMIT" option should be enabled by your host.

Additional Information
Tags No tags attached.
Reference
Change Log Message
Estimate Points 0
Attached Files
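
Added example (not part of the issue and not In-Portal's installer code): a shell audit of the two checks the description proposes, run against a constructed temporary install tree. It assumes "Vulnerable" means group- or world-writable, i.e. looser than the 755 the issue recommends, and the function names are hypothetical; the /system check only tests whether .htaccess-sample has been renamed to .htaccess.

```shell
# Added example, not In-Portal code. Function names are hypothetical.

# perm_status FILE -> Secure | Vulnerable | Missing
# Assumption: "Vulnerable" = group- or world-writable (looser than 755).
perm_status() {
    if [ ! -e "$1" ]; then echo "Missing"; return 0; fi
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "Vulnerable"
    else
        echo "Secure"
    fi
}

# htaccess_status ROOT -> Present | SampleNotRenamed | Absent
# Static check only: it cannot show that Apache honours the file
# (AllowOverride) or that PHP execution under /system is really blocked.
htaccess_status() {
    if [ -f "$1/system/.htaccess" ]; then echo "Present"
    elif [ -f "$1/system/.htaccess-sample" ]; then echo "SampleNotRenamed"
    else echo "Absent"
    fi
}

# audit ROOT: one line per check; exit status = number of failed checks.
audit() {
    root=$1; failures=0
    for rel in index.php config.php admin/index.php; do
        s=$(perm_status "$root/$rel")
        printf '%-18s %s\n' "/$rel" "$s"
        [ "$s" = "Secure" ] || failures=$((failures + 1))
    done
    s=$(htaccess_status "$root")
    printf '%-18s %s\n' "/system/.htaccess" "$s"
    [ "$s" = "Present" ] || failures=$((failures + 1))
    return "$failures"
}

# demo: constructed install tree with one loose file and an unrenamed sample.
demo() {
    d=$(mktemp -d); rc=0
    mkdir -p "$d/admin" "$d/system"
    : > "$d/index.php"; : > "$d/config.php"; : > "$d/admin/index.php"
    : > "$d/system/.htaccess-sample"
    chmod 755 "$d/index.php" "$d/admin/index.php"
    chmod 777 "$d/config.php"
    audit "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "failed checks: $?"
```

A "Present" result still needs the live test the issue describes (creating a PHP file under /system and requesting it), since the rename has no effect when the host does not allow overrides.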


- Notes
(0000251)
alex (manager)
2009-08-05 10:59

Fix committed to 5.0.x branch. Commit Message:

1. Fixes 0000180: Add "Security Check" Step to Installation process.
2. Iframe in thickbox windows was 1px lower than the window; as a result, the vertical scrollbar was overlapping with the bottom border of the window.
3. Bug 0000073: In-Portal CMS No Color in Header (missed SQL data for skins).
4. ADMIN_DIRECTORY constant converted from safeDefine to define.

(0000252)
alex (manager)
2009-08-05 11:02

Reminder sent to: Dmitry

Check moved from "admin/index.php" file to newly created "security" step in installation process. New step will be in each installation preset (e.g. installation maintenance, license change etc.).

Please review design of that step, seems a little bit unfinished to me. Also add help text for this step in file: "core/install/steps_db.xml".

(0000729)
administrator (administrator)
2009-10-03 07:56

Closing issues from 5.0.1 version, because version was already released.

- Related Changesets
In-Portal CMS: 5.0.x r12199
Timestamp: 2009-08-05 10:59:15
Author: alex
1. Fixes 0000180: Add "Security Check" Step to Installation process.
2. Iframe in thickbox windows was 1px lower than the window; as a result, the vertical scrollbar was overlapping with the bottom border of the window.
3. Bug 0000073: In-Portal CMS No Color in Header (missed SQL data for skins).
4. ADMIN_DIRECTORY constant converted from safeDefine to define.
mod - /in-portal/branches/5.0.x/admin/index.php
mod - /in-portal/branches/5.0.x/core/admin_templates/js/jquery/thickbox/thickbox.css
mod - /in-portal/branches/5.0.x/core/install/incs/install.tpl
mod - /in-portal/branches/5.0.x/core/install/install_data.sql
mod - /in-portal/branches/5.0.x/core/install/install_toolkit.php
add - /in-portal/branches/5.0.x/core/install/step_templates/security.tpl
mod - /in-portal/branches/5.0.x/core/install/steps_db.xml
mod - /in-portal/branches/5.0.x/core/install.php
mod - /in-portal/branches/5.0.x/core/kernel/globals.php
mod - /in-portal/branches/5.0.x/core/kernel/startup.php

In-Portal CMS: 5.0.x r12175
Timestamp: 2009-08-04 18:44:05
Author: Dmitry
1. Bug 0000180: Add "Security Check" Step to Installation process
2. Removed .lang (exported languages) and .txt (robots.txt fails) extensions from Deny
mod - /in-portal/branches/5.0.x/tools/.htaccess

In-Portal CMS: 5.0.x r12174
Timestamp: 2009-08-04 18:43:00
Author: Dmitry
1. Bug 0000180: Add "Security Check" Step to Installation process
2. Added sample .htaccess
add - /in-portal/branches/5.0.x/system/.htaccess-sample

- Issue History
Date Modified Username Field Change
2009-10-03 07:56 administrator Note Added: 0000729
2009-10-03 07:56 administrator Status resolved => closed
2009-09-18 07:22 alex Type bug report => feature request
2009-09-18 07:22 alex Reproducibility always => N/A
2009-08-05 11:02 alex Note Added: 0000252
2009-08-05 11:00 alex Fixed in Version => 5.0.1
2009-08-05 10:59 alex Note Added: 0000251
2009-08-05 10:59 alex Status reviewed and tested => resolved
2009-08-05 10:59 alex Resolution open => fixed
2009-08-05 10:59 alex Changeset attached 5.0.x r12199
2009-08-04 19:15 Dmitry Priority critical => normal
2009-08-04 19:15 Dmitry Priority normal => critical
2009-08-04 18:55 Dmitry Category Security => Install / Upgrades
2009-08-04 18:44 Dmitry Changeset attached 5.0.x r12175
2009-08-04 18:43 Dmitry Changeset attached 5.0.x r12174
2009-08-04 18:40 Dmitry New Issue
2009-08-04 18:40 Dmitry Status active => reviewed and tested
2009-08-04 18:40 Dmitry Assigned To => alex


