Geeklog-Core / geeklog

Geeklog - The Secure CMS.
https://www.geeklog.net

Geeklog Configuration - Changing Paths can cause Issues #1061

Closed eSilverStrike closed 2 years ago

eSilverStrike commented 4 years ago

Lots of small issues here... not sure if all are fixable. Basically we should probably lock down editing some paths in the Geeklog Configuration and make sure others are within the public_html directory, else the Admin can get into trouble easily and cause his site to go down.

Issue 1: The config option path_themes is listed in the Configuration under themes even though it cannot be changed and is based on the public_html path + 'layout/'. This is confusing to users.

I think we should probably just remove the option from the Configuration. It is already hardcoded everywhere, including the install, theme files, some plugins, lib-common, and the config class.

Issue 2: Likewise, the following config options path_images, path_editors, path_themes, and path_rdf_file all must reside in the path_html (the core code assumes as much). Changing the path_html does not automatically change these paths to the appropriate path, which will cause errors. Also, I don't think checks are done on these paths to make sure they do reside in path_html when saved.

Issue 3: We probably shouldn't even allow the user to change the path_html config option from the Geeklog Configuration since this will always bring down the site (unless they have a duplicate site in the new path). We should display it but allow no changes. This should only be changed by the install (during a migration, for example) or via the Geeklog Emergency Rescue Tool.

Issue 4: Also, the Geeklog Emergency Rescue Tool does not specify that if you change path_html then all of the following config options should change as well to match: path_images, path_editors, path_themes, and path_rdf_file.

mystralkk commented 4 years ago

Fixed Issue 4 with change set b1fc8cc

mystralkk commented 4 years ago

As for the issues 1-3, I agree with you.

mystralkk commented 4 years ago

Fixed the issues 1-3 with change set 8bdf969. Now you can set a configuration value to read-only like this:

```php
$_CONF_VALIDATE['Core']['path_html'] = [
    'rule'     => 'path',
    'readonly' => true,
    'message'  => isset($LANG_VALIDATION['path']) ?
        $LANG_VALIDATION['path'] : $LANG_VALIDATION['default'],
];
```

eSilverStrike commented 2 years ago

Looks good.
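
The two save-time checks discussed in this thread (refusing edits to a value marked read-only, and requiring the dependent paths to stay inside path_html) are shown here as an added example; it is not Geeklog's code and not the content of change set 8bdf969. The function names, the `$mustBeInHtml` list and the sample paths are assumptions; only the `readonly` key and the config option names come from the thread.

```php
<?php
// Added example, not Geeklog code. Function names and sample paths are hypothetical.

// Resolve "." and ".." lexically so paths that do not exist yet can still be compared.
function normalizePath(string $path): string
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return '/' . implode('/', $parts) . '/';
}

// Return [key => reason] for every proposed value that must be rejected.
function checkConfigChange(array $current, array $proposed, array $validate, array $mustBeInHtml): array
{
    $errors = [];
    $root = normalizePath($current['path_html']); // trailing "/" stops "public_html2" matching
    foreach ($proposed as $key => $value) {
        if (!empty($validate[$key]['readonly']) && $value !== ($current[$key] ?? null)) {
            $errors[$key] = 'read-only value cannot be changed here';
        } elseif (in_array($key, $mustBeInHtml, true)) {
            $candidate = normalizePath($value);
            if ($candidate === $root || strncmp($candidate, $root, strlen($root)) !== 0) {
                $errors[$key] = 'must reside inside path_html';
            }
        }
    }
    return $errors;
}

// Constructed sample data.
$validate = ['path_html' => ['rule' => 'path', 'readonly' => true]];
$mustBeInHtml = ['path_images', 'path_editors', 'path_themes', 'path_rdf_file'];
$current = ['path_html' => '/var/www/site/public_html/'];
$proposed = [
    'path_html'    => '/srv/new/',                                    // rejected: read-only
    'path_images'  => '/var/www/site/public_html/../private/images/', // rejected: escapes via ".."
    'path_editors' => '/var/www/site/public_html/editors/',           // accepted
];
print_r(checkConfigChange($current, $proposed, $validate, $mustBeInHtml));
```

The comparison is purely lexical, so it does not follow symlinks; a check that must account for them would resolve existing paths with `realpath()` first.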