search

helhum / typo3-secure-web

Secure your TYPO3 installation by only exposing public files
60 stars 12 forks source link

public/typo3/sysext/*/Resources/Private/* exists #27

Closed sgrossberndt closed 3 years ago

sgrossberndt commented 3 years ago

Hi @helhum!

I was wondering after setting up helhum/typo3-secure-web with the commands below that the public/typo3/sysext/*/Resources/Private/* directories exist. I was expecting public/typo3/sysext/*/Resources/ to only contain the Public/ directory. Did I misunderstand something, am I missing vital setup information or is this a bug?

  1. user@host:~$ composer create-project typo3/cms-base-distribution:^10 example.org
Creating a "typo3/cms-base-distribution:^10" project at "./example.org"
Installing typo3/cms-base-distribution (v10.4.1)
  - Installing typo3/cms-base-distribution (v10.4.1): Extracting archive
Created project in /home/sgrossberndt/example.org
...
10 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package symfony/inflector is abandoned, you should avoid using it. Use use `EnglishInflector` from the String component instead instead.
Generating autoload files
Generating class alias map file
> typo3cms install:fixfolderstructure
The following directory structure has been fixed:
...

  1. user@host:~$ nano example.org/composer.json && cat example.org/composer.json

    {
    "name": "typo3/cms-base-distribution",
    "description" : "TYPO3 CMS Base Distribution",
    "license": "GPL-2.0-or-later",
    "config": {
            "platform": {
                    "php": "7.2"
            },
            "sort-packages": true
    },
    "require": {
            "helhum/typo3-console": "^6.0.0",
            "helhum/typo3-secure-web": "^0.3.2",
            "typo3/cms-about": "^10.4",
            "typo3/cms-backend": "^10.4",
            "typo3/cms-belog": "^10.4",
            "typo3/cms-beuser": "^10.4",
            "typo3/cms-core": "^10.4",
            "typo3/cms-dashboard": "^10.4",
            "typo3/cms-extbase": "^10.4",
            "typo3/cms-extensionmanager": "^10.4",
            "typo3/cms-felogin": "^10.4",
            "typo3/cms-filelist": "^10.4",
            "typo3/cms-fluid": "^10.4",
            "typo3/cms-fluid-styled-content": "^10.4",
            "typo3/cms-form": "^10.4",
            "typo3/cms-frontend": "^10.4",
            "typo3/cms-impexp": "^10.4",
            "typo3/cms-info": "^10.4",
            "typo3/cms-install": "^10.4",
            "typo3/cms-recordlist": "^10.4",
            "typo3/cms-rte-ckeditor": "^10.4",
            "typo3/cms-seo": "^10.4",
            "typo3/cms-setup": "^10.4",
            "typo3/cms-sys-note": "^10.4",
            "typo3/cms-t3editor": "^10.4",
            "typo3/cms-tstemplate": "^10.4",
            "typo3/cms-viewpage": "^10.4"
    },
"extra": {
    "typo3/cms": {
        "root-dir": "private",
        "web-dir": "public"
    }
},
    "scripts":{
            "typo3-cms-scripts": [
                    "typo3cms install:fixfolderstructure",
                    "typo3cms install:generatepackagestates"
            ],
            "post-autoload-dump": [
                    "@typo3-cms-scripts"
            ]
    }
}

  2. user@host:~$ cd example.org && composer require helhum/typo3-secure-web

    Using version ^0.3.2 for helhum/typo3-secure-web
./composer.json has been updated
Running composer update helhum/typo3-secure-web
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
- Locking helhum/typo3-secure-web (v0.3.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 26 installs, 0 updates, 0 removals
- Installing typo3/cms-core (v10.4.20): Extracting archive
- Installing typo3/cms-extbase (v10.4.20): Extracting archive
- Installing typo3/cms-fluid (v10.4.20): Extracting archive
- Installing typo3/cms-install (v10.4.20): Extracting archive
- Installing typo3/cms-frontend (v10.4.20): Extracting archive
- Installing typo3/cms-extensionmanager (v10.4.20): Extracting archive
- Installing typo3/cms-recordlist (v10.4.20): Extracting archive
- Installing typo3/cms-backend (v10.4.20): Extracting archive
- Installing helhum/typo3-secure-web (v0.3.2): Extracting archive
- Installing typo3/cms-about (v10.4.20): Extracting archive
- Installing typo3/cms-belog (v10.4.20): Extracting archive
- Installing typo3/cms-beuser (v10.4.20): Extracting archive
- Installing typo3/cms-dashboard (v10.4.20): Extracting archive
- Installing typo3/cms-felogin (v10.4.20): Extracting archive
- Installing typo3/cms-filelist (v10.4.20): Extracting archive
- Installing typo3/cms-fluid-styled-content (v10.4.20): Extracting archive
- Installing typo3/cms-form (v10.4.20): Extracting archive
...
Use the `composer fund` command to find out more!

  3. user@host:~/example.org$ find public/typo3/sysext/*/Resources/Private

    public/typo3/sysext/about/Resources/Private
...
helhum commented 3 years ago

The default for web-dir in a standard TYPO3 Composer based project ist public. The default for root-dir is whatever is defined in web-dir is public as well. So between step 2 and 3 you should either completely remove the then existing public folder or rename it to private, as you changed its location in step 2.