YunoHost-Apps / dolibarr_ynh

Dolibarr ERP & CRM is a modern software to manage your organization's activity. This is an integration of Dolibarr in YunoHost
https://www.dolibarr.org/
GNU Affero General Public License v3.0

create install.lock after install into document directory #87

Closed FHenry closed 2 years ago

FHenry commented 2 years ago

@mastereur The process has to create the install.lock file after the Dolibarr install.

An actual exploit is massively used on Dolibarr instances that aren't protected by this good practice.

https://sechead.com/headlines/cve:302ae05a7b4108d8f82d997ca455cd7217368613dca49273e01e0b07cedef5ed

mastereur commented 2 years ago

Hello @FHenry,

Thanks for the alert. Fortunately, the installation by the YunoHost script has automatically generated the file in question since 2019 (#19, #26), or #28 when I took over the management of the package.

I will add a check at the end of a successful installation.
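
A post-install check of the kind discussed in this thread could look like the following. This is an added example, not part of the issue or of the dolibarr_ynh package; the function names, return codes and the documents-directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not code from dolibarr_ynh. The documents directory is passed
# in by the caller (assumption); no real package path is hard-coded here.

# check_install_lock DOCS_DIR
#   0 = lock present and sane   1 = lock missing
#   2 = DOCS_DIR missing        3 = lock is a symlink or not a regular file
#   4 = lock is writable by group or others
check_install_lock() {
    lock="$1/install.lock"
    [ -d "$1" ] || return 2
    # Test for a symlink first: -f follows links and would accept one.
    [ -L "$lock" ] && return 3
    [ -e "$lock" ] || return 1
    [ -f "$lock" ] || return 3
    # find prints the path only if a group or other write bit is set.
    [ -z "$(find "$lock" \( -perm -020 -o -perm -002 \) -print)" ] || return 4
    return 0
}

# ensure_install_lock DOCS_DIR
#   Creates the lock when it is missing, tightens its mode when it is too
#   permissive, and refuses to touch anything unexpected (symlink, directory).
ensure_install_lock() {
    check_install_lock "$1" && return 0
    rc=$?
    case $rc in
        # noclobber (set -C) makes the create fail if something appears at
        # that path in the meantime; umask 337 yields mode 0440.
        1) ( umask 337; set -C; : > "$1/install.lock" ) || return 1 ;;
        4) chmod 440 "$1/install.lock" || return 4 ;;
        *) return "$rc" ;;
    esac
    # Re-check so the caller gets the verified final state, not an assumption.
    check_install_lock "$1"
}
```

Calling `ensure_install_lock` as the last step of an install script and aborting on a non-zero status turns a silently missing lock into a failed installation.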

FHenry commented 2 years ago

Hello @mastereur,

Thanks, everything is safe. I checked the code on GitHub quickly before posting the issue and didn't find when the process does it; also I didn't take time to test => sorry for those two mistakes... Well, let's say better to inform than to regret.