Renaming config.php and .htaccess to *.new to allow tarbombing an Enano installation with no adverse effects; first attempt, may not work right.
author Dan
Mon, 05 Nov 2007 17:07:22 -0500
changeset 234 d5dff8148dfe
parent 233 cc358458a012
child 235 c15c1d2bdeb8
.htaccess
.htaccess.new
README
config.new.php
config.php
includes/pageutils.php
includes/paths.php
install.php
--- a/README	Sat Nov 03 21:32:26 2007 -0400
+++ b/README	Mon Nov 05 17:07:22 2007 -0500
@@ -1,25 +1,80 @@
 Enano CMS
-Version 1.0.1
+Version 1.0.2
 -----------------------------
 
 Thanks for downloading Enano! If you're looking for an installation guide,
-you can find it at <http://enanocms.org/Help:Installation>.
+you can find it at <http://docs.enanocms.org/Help:2.1>.
 
 COPYRIGHT
 -----------------------------
 
+Enano CMS
+Copyright (C) 2006-2007 Dan Fuhry. All rights except those explicitly granted
+by the included license agreement reserved.
+
+PHILOSOPHY
+-----------------------------
+
 We strongly believe in the idea of Free Software. Enano is released under the
 GNU General Public License; see the file GPL included with this release for
 details.
 
+LICENSING
+-----------------------------
+
+This program is Free Software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation; either version 2 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE. See the GNU General Public License for details.
+
+You should have received a copy of the GNU General Public License along with
+this program; if not, write to:
+
+  Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor
+  Boston, MA 02110-1301, USA
+
+-----------------------------
+
 Most of the PHP code in Enano was written by Dan Fuhry. Some parts were borrowed
 from other projects that are also released under Free licenses; see the various
 files under the licenses/ directory included with this release for details.
 
+If you are planning to make a commercial fork of Enano, all of the software and
+libraries included with Enano are available under licenses that allow you to do
+so; however, in compliance with the GPL, you must:
+
+a) provide attribution to the Enano team in source code files and on the
+   (renamed) Special:About_Enano page,
+b) remove all instances of the word Enano and the Enano logo from your
+   derivative work, with the exception of the following phrase, which must
+   be shown on the (renamed) Special:About_Enano page:
+
+    "The software used on this website was based on Enano CMS. Copyright
+     (C) 2006-2007 Enano Foundation."
+
+   The words "Enano CMS" must link to the page <http://enanocms.org/>. You may
+   (at your option) also include a notice of non-endorsement by the Enano
+   Foundation, unless you're lucky enough to become an official fork
+   maintainer.
+
+c) Provide the complete source code for your modified version of Enano under
+   the terms of the GNU General Public License, and
+d) Include the complete and unmodified licenses/ directory, which contains
+   licensing information for third-party libraries that Enano uses.
+
+As permitted by the GPL, you may charge for the service of downloading Enano
+from your server; however, you may not prevent others from distributing Enano
+or any modified version.
+
 CHANGES IN THIS RELEASE
 -----------------------------
 
-Please see <http://enanocms.org/Release_notes/1.0.1> for a list of changes in
+Please see <http://enanocms.org/Release_notes/1.0.2> for a list of changes in
 this release.
 
 UPGRADING FROM PREVIOUS RELEASES
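Review bot: The new COPYRIGHT block names "Dan Fuhry" as the copyright holder, but the phrase that forks must display under item (b) says "Copyright (C) 2006-2007 Enano Foundation"; the two should name the same holder. Items (a) through (d) are also introduced with "in compliance with the GPL, you must", yet removing the Enano name and logo in (b) is a project branding condition rather than something the GPL itself requires, so it would read more accurately as a separate naming or trademark policy paragraph.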
@@ -44,15 +99,22 @@
 
 You can find more themes for Enano at <http://enanocms.org/Category:Themes>.
 Again, we're still working on packaging up themes and creating pages for them,
-so try to be patient. We have quite a few themes in the works.
+so try to be patient. We have quite a few themes in the works. You can create
+your own themes too; for more information, see Chapter V of the Enano
+Administrator's handbook, at <http://docs.enanocms.org/Help:5>.
 
 GETTING SUPPORT
 -----------------------------
 
+Before contacting support, have a look at the Enano Documentation at
+<http://docs.enanocms.org/>. Most of Enano's features are documented with
+step-by-step guides at this site; if you encounter a problem, then please
+contact the Enano team as instructed below.
+
 Support for Enano is available via the Enano forums at
 <http://forum.enanocms.org>. You can also use our IRC channel
-(irc.freenode.net #enano) or purchase paid support via instant messaging for
-US$20 an hour.
+(irc.freenode.net #enano) or purchase paid one-on-one support via instant
+messaging for US$20 an hour.
 
 Have fun with Enano!
 
--- a/includes/pageutils.php	Sat Nov 03 21:32:26 2007 -0400
+++ b/includes/pageutils.php	Mon Nov 05 17:07:22 2007 -0500
@@ -822,7 +822,7 @@
             return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';
             break;
           case "reupload":
-            if ( !$session->get_permissions('history_rollbacks_extra') )
+            if ( !$session->get_permissions('history_rollback_extra') )
             {
               return 'Administrative privileges are required for file rollbacks.';
             }
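Review bot: Permission names are bare string literals, so a typo like the old 'history_rollbacks_extra' in the "reupload" case is easy to miss; it never matched the type registered in includes/paths.php as 'history_rollback_extra'. Consider making get_permissions() log or raise when asked for a name that was never passed to register_acl_type(), so a mismatch like this surfaces in testing. The denial text "Administrative privileges are required for file rollbacks." also describes an admin check while the code tests an ACL type; wording it after the permission would be clearer.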
--- a/includes/paths.php	Sat Nov 03 21:32:26 2007 -0400
+++ b/includes/paths.php	Mon Nov 05 17:07:22 2007 -0500
@@ -54,7 +54,7 @@
     $session->register_acl_type('mod_comments',           AUTH_DISALLOW, 'Moderate comments',                                                                                        Array('edit_comments'),                                   'Article|User|Project|Template|File|Help|System|Category');
     $session->register_acl_type('history_view',           AUTH_WIKIMODE, 'View history/diffs',                                                                                       Array('read'),                                            'Article|User|Project|Template|File|Help|System|Category');
     $session->register_acl_type('history_rollback',       AUTH_DISALLOW, 'Rollback history',                                                                                         Array('history_view'),                                    'Article|User|Project|Template|File|Help|System|Category');
-    $session->register_acl_type('history_rollback_extra', AUTH_DISALLOW, 'Undelete page(s)',                                                                                         Array('history_rollback'),                                'Article|User|Project|Template|File|Help|System|Category');
+    $session->register_acl_type('history_rollback_extra', AUTH_DISALLOW, 'Undelete page(s)',                                                                                         Array('history_rollback'),                                'Article|User|Project|Template|File|Help|System|Category|Special');
     $session->register_acl_type('protect',                AUTH_DISALLOW, 'Protect page(s)',                                                                                          Array('read'),                                            'Article|User|Project|Template|File|Help|System|Category');
     $session->register_acl_type('rename',                 AUTH_WIKIMODE, 'Rename page(s)',                                                                                           Array('read'),                                            'Article|User|Project|Template|File|Help|System|Category');
     $session->register_acl_type('clear_logs',             AUTH_DISALLOW, 'Clear page logs (dangerous)',                                                                              Array('read', 'protect', 'even_when_protected'),          'Article|User|Project|Template|File|Help|System|Category');
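Review bot: 'history_rollback_extra' is now the only ACL type in this block whose namespace list includes Special; its dependency 'history_rollback' and that type's dependency 'history_view' still end at Category. Please add a comment saying which Special-namespace operation needs this permission, and extend the dependency chain to Special as well if the three types are meant to be evaluated together. The description 'Undelete page(s)' also no longer covers everything this type gates, since includes/pageutils.php checks it for file rollbacks ("reupload").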
--- a/install.php	Sat Nov 03 21:32:26 2007 -0400
+++ b/install.php	Mon Nov 05 17:07:22 2007 -0500
@@ -391,7 +391,7 @@
     run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
     run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
     //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
-    run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
+    run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
     run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the &lt;img&gt; tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
     run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
     run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
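Review bot: The failure text on the changed line still tells SourceForge users to "symlink config.php to a file in the /tmp/persistent directory", but the installer now writes config.new.php and renames it to config.php at the end, so that advice no longer matches the flow. The test also only checks that config.new.php itself is writable; the final rename() needs write access to the ENANO_ROOT directory, so a second run_test() for the directory would catch the failure before any work is done rather than at the last step.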
@@ -741,7 +741,7 @@
       exit;
     }
     unset($_POST['_cont']);
-    require('config.php');
+    require('config.new.php');
     $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
     if ( isset($crypto_key) )
     {
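Review bot: require('config.new.php') is resolved against the include path and working directory, while the writes in this file open ENANO_ROOT.'/config.new.php'. Use require(ENANO_ROOT.'/config.new.php') here and in the crypt_data branch near line 1040 so the file that is read is always the file that was written.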
@@ -750,7 +750,7 @@
     if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
     {
       $cryptkey = $aes->gen_readymade_key();
-      $handle = @fopen(ENANO_ROOT.'/config.php', 'w');
+      $handle = @fopen(ENANO_ROOT.'/config.new.php', 'w');
       if(!$handle)
       {
         echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
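Review bot: The error on the line after the changed fopen() still reads "Cannot open config.php for writing", although the file being opened is now config.new.php; update the message so the user checks the right file. The @ on fopen() also hides PHP's own reason for the failure, so consider including that reason in the message.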
@@ -1040,10 +1040,10 @@
       
       if ( !empty($_POST['crypt_data']) )
       {
-        require('config.php');
+        require('config.new.php');
         if ( !isset($cryptkey) )
         {
-          echo 'failed!<br />Cannot get the key from config.php';
+          echo 'failed!<br />Cannot get the key from config.new.php';
           break;
         }
         $key = hexdecode($cryptkey);
@@ -1156,7 +1156,7 @@
 $crypto_key = \''.$privkey.'\';
 ?>';
 
-      $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w');
+      $cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
       if(!$cf_handle) err('Couldn\'t open file config.php for writing');
       fwrite($cf_handle, $config_file);
       fclose($cf_handle);
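Review bot: err('Couldn\'t open file config.php for writing') still names config.php after the target became config.new.php. The return value of fwrite() is not checked either, and this file carries $crypto_key: a short write leaves a truncated config that the rename step later in install.php would promote to config.php. Check that fwrite() returned strlen($config_file), and consider a chmod() to an owner-only mode once the file is written.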
@@ -1185,9 +1185,17 @@
       if ( !$q )
         err('Error setting up logs: '.$db->get_error());
       
+      // This is only in RAM; it's meant to correct a race condition encountered by several testers
+      $session->acl_merge(array(
+        'clear_logs' => AUTH_ALLOW
+        ));
+      
       if ( !$session->get_permissions('clear_logs') )
       {
-        echo '<br />Error: session manager won\'t permit flushing logs, these is a bug.';
+        echo '<p><b>The session manager denied the request to flush logs for the main page.</b><br />
+                 While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot
+                 properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
+                 to finish the installation, please be aware that you may be unable to log into your site.</p>';
         break;
       }
       
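Review bot: Calling $session->acl_merge() with 'clear_logs' => AUTH_ALLOW immediately before if ( !$session->get_permissions('clear_logs') ) makes the installer grant itself the permission it is about to test, so the check no longer verifies anything about the session. The comment mentions a race condition but not what races with what; please document the cause, and either drop the check or keep it and fix the underlying session problem rather than overriding the ACL. The new message also links to install.php?mode=finish while the branch ends in break, which appears to skip the rename step added in the next hunk, so a user who follows the link would be left with config.new.php and no config.php.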
@@ -1197,6 +1205,16 @@
       
       PageUtils::flushlogs('Main_Page', 'Article');
       
+      echo 'done!<br />Renaming config.new.php and .htaccess.new...';
+      if ( !@rename('./config.new.php', './config.php') )
+        err('failed!<p>Please rename config.new.php manually to config.php. If you selected Tiny URLs, please also rename .htaccess.new to .htaccess.');
+      
+      if ( $_POST['urlscheme'] == 'tiny' )
+      {
+        if ( !@rename('./.htaccess.new', './.htaccess') )
+          err('failed!<p>Please rename .htaccess.new manually to .htaccess.');
+      }
+      
       echo 'done!<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
       
       // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
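Review bot: rename('./config.new.php', './config.php') runs with no check in this hunk for an existing config.php, and on POSIX systems rename() replaces the destination silently; add a file_exists() guard or a comment stating where an already-installed site is rejected earlier. The paths are relative to the working directory while the writes above use ENANO_ROOT, $_POST['urlscheme'] is read without isset(), and both err() strings open a <p> that is never closed. If the config rename succeeds and the .htaccess rename fails, the site is left half configured, so that second message should say config.php is already in place.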