From 8abb7bcba7f1af4538a8399bc12a9cdc132395df Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Fri, 26 Jun 2020 11:18:14 +0200
Subject: [PATCH] FEAT #14237 TIME 3:15 Fix direct call to routes

---
 apps/maarch_entreprise/index.php |  2 +-
 install/class/Class_Install.php  |  3 ++-
 install/scripts/docservers.php   |  5 +++++
 install/scripts/password.php     | 10 ++++++++--
 install/scripts/setConfig.php    |  8 ++++++--
 5 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/apps/maarch_entreprise/index.php b/apps/maarch_entreprise/index.php
index 1e197f85604..959a1c20d26 100755
--- a/apps/maarch_entreprise/index.php
+++ b/apps/maarch_entreprise/index.php
@@ -56,7 +56,7 @@ include_once '../../core/class/class_functions.php';
 include_once '../../core/class/class_db_pdo.php';
 include_once '../../core/init.php';
 include 'apps/maarch_entreprise/tools/maarchIVS/MaarchIVS.php';
-
+unset($_SESSION['installeurLock']);
 if ($_SESSION['config']['usePHPIDS'] == 'true') {
     include 'apps/maarch_entreprise/phpids_control.php';
 }
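Review bot: The added `unset($_SESSION['installeurLock']);` gives no hint of what it revokes, and this key is otherwise only touched in the install scripts, so a reader of index.php cannot tell why the application front controller is clearing installer state. A comment on the line such as `// Leaving the installer: revoke the session flag that lets install/scripts/* run (granted in install/class/Class_Install.php)` would make the intent explicit. Whether the session is already started here depends on `core/init.php`, which is outside the hunk; assuming it calls session_start(), unsetting an absent key is harmless.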
diff --git a/install/class/Class_Install.php b/install/class/Class_Install.php
index 5026bd28ebe..a3619ba2540 100755
--- a/install/class/Class_Install.php
+++ b/install/class/Class_Install.php
@@ -150,7 +150,7 @@ class Install extends functions
 
     public function isPhpVersion()
     {
-        if (version_compare(PHP_VERSION, '7.2') < 0) {
+        if (version_compare(PHP_VERSION, '7.1') < 0) {
             return false;
             exit;
         }
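Review bot: Lowering the minimum PHP version from 7.2 to 7.1 is unrelated to the "direct call to routes" fix and loosens a security floor: to my knowledge PHP 7.1 had already stopped receiving security fixes before the date of this commit, so the installer would now accept an unsupported interpreter. If the downgrade is intentional it deserves its own commit and a line in the description; otherwise keep `if (version_compare(PHP_VERSION, '7.2') < 0) {`. The `exit;` after `return false;` in the same method is unreachable and could be dropped while here.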
@@ -618,6 +618,7 @@ class Install extends functions
 
         pg_close();
 
+        $_SESSION['installeurLock'] = true;
         $db = new Database();
 
         if (!$db) {
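Review bot: `$_SESSION['installeurLock'] = true;` is granted before `new Database()` has been checked, so if the `if (!$db)` branch that starts at the end of the hunk bails out, the session still unlocks docservers.php, password.php and setConfig.php. Moving the assignment below that `if (!$db) { … }` block (its body continues outside the hunk) ties the grant to a successful database setup. A short comment on the assignment, e.g. `// Authorises install/scripts/* for this session; cleared by apps/maarch_entreprise/index.php`, would also help, since nothing here names what the flag protects.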
diff --git a/install/scripts/docservers.php b/install/scripts/docservers.php
index 80c08c8a382..c76c123de87 100755
--- a/install/scripts/docservers.php
+++ b/install/scripts/docservers.php
@@ -44,6 +44,11 @@ if ($checkDocserverRoot !== true) {
     exit;
 }
 
+if (empty($_SESSION['installeurLock'])) {
+    echo 'Action forbidden';
+    return false;
+}
+
 $_REQUEST['docserverRoot'] .= DIRECTORY_SEPARATOR . $_SESSION['config']['databasename'];
 
 if (!is_dir($_REQUEST['docserverRoot'])) {
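Review bot: The lock check is placed after the `$checkDocserverRoot` block at the top of the hunk, so `$_REQUEST['docserverRoot']` has already been evaluated (and that block's `exit` path already taken) for an unauthorised caller; the guard should be the first statement of the script, before any request input is read. `return false` at file scope only ends this file, and if the script is ever `include`d the includer carries on past the guard, so `http_response_code(403); echo 'Action forbidden'; exit;` is the safer shape and also gives proxies and logs a distinguishable status. The lines that compute `$checkDocserverRoot` are outside the hunk.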
diff --git a/install/scripts/password.php b/install/scripts/password.php
index 22e55f606ba..a583495726a 100755
--- a/install/scripts/password.php
+++ b/install/scripts/password.php
@@ -32,6 +32,11 @@
     include_once '../../core/init.php';
     require_once('install/class/Class_Install.php');
     $Class_Install = new Install;
+    if (empty($_SESSION['installeurLock'])) {
+        echo 'Action forbidden';
+        return false;
+    }
+
 //CONTROLLER
     $trimmedPassword=rtrim($_REQUEST['newSuperadminPass']);
     if (!isset($_REQUEST['newSuperadminPass']) || empty($trimmedPassword)) {
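Review bot: The new guard answers an unauthorised caller with a 200 response carrying `Action forbidden` and `return false`, which only ends this file; if password.php is ever included rather than requested directly, execution resumes in the includer with the guard bypassed. `http_response_code(403); echo 'Action forbidden'; exit;` closes that gap and makes the refusal visible to logs and proxies. The guard does correctly precede the first read of `$_REQUEST['newSuperadminPass']` on the line below it.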
@@ -40,6 +45,7 @@
     $resp=$Class_Install->setSuperadminPass(
         $_REQUEST['newSuperadminPass']
     );
-    
+    unset($_SESSION['installeurLock']);
+
 
-    header("Location: ../index.php?step=config");
\ No newline at end of file
+header("Location: ../index.php?step=config");
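Review bot: `unset($_SESSION['installeurLock']);` runs immediately before the redirect to `index.php?step=config`, yet setConfig.php in this same commit refuses with `Action forbidden` when that flag is empty; unless something on the config page re-grants the flag (not visible here), the step this redirect leads to is now blocked. Either keep the flag until the last install script has run and clear it there, or rely on the clearing in index.php that this commit already adds. The `header(...)` call has also moved to column 0 while the surrounding file is indented by four spaces, which looks accidental.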
diff --git a/install/scripts/setConfig.php b/install/scripts/setConfig.php
index a9bfb4d99c3..80292103569 100755
--- a/install/scripts/setConfig.php
+++ b/install/scripts/setConfig.php
@@ -35,8 +35,12 @@ if (empty($_REQUEST['applicationname'])) {
 } else {
 
 	require_once 'install/class/Class_Install.php';
-    
-setConfigXmlofApps($_REQUEST['applicationname']);
+    if (empty($_SESSION['installeurLock'])) {
+        echo 'Action forbidden';
+        return false;
+    }
+
+    setConfigXmlofApps($_REQUEST['applicationname']);
 
 //setConfigNotification_batch_config_Xml($from,$to,$host,$user,$pass,$_REQUEST['smtpType'],$port,$auth,$charset,$smtpSecure);
         $return2['status'] = 2;
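Review bot: The guard sits inside the `else` branch, after `$_REQUEST['applicationname']` has already been tested by the `if (empty(...))` above it, so an unauthorised caller still reaches the empty-name handling of the other branch (outside the hunk); checking the lock before that `if` would make the refusal uniform. The surrounding code builds a `$return2['status']` result, which suggests a structured reply, whereas the guard prints the bare string `Action forbidden` — if the caller parses the response, returning a matching `$return2` error together with `http_response_code(403)` would be more consistent, though I cannot see from here how `$return2` is emitted. As in the other scripts, `return false` should be `exit` so an `include`d caller cannot continue past the guard.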
-- 
GitLab