Fixing #5194 - CSRF Read/Write

CSRF directory needs to be writeable for creating the csrf-secret.php file
Cacti · Feb 5, 2023 · f5a54a2 · netniV · Feb 6, 2023 · TheWitness
1 parent 56d80fe
commit f5a54a2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -31,6 +31,7 @@ Cacti CHANGELOG
 -issue#5187: Getting SQL errors in the Cacti due to plugin calling register function in wrong location
 -issue#5188: Device Template Filter broken
 -issue#5190: When using Gradient Support GPRINT Text Format is misaligned
+-issue#5194: CSRF directory needs to be writeable for creating the csrf-secret.php file
 -issue#5195: Spikekill Backtrace Argument #1 ($string) must be passed by reference, value given
 -issue#5196: Gradient support breaks certain Graphs with special characters in them
 -issue#5197: Realtime graph on remote poller not working in 1.2.23

diff --git a/lib/installer.php b/lib/installer.php
@@ -511,6 +511,12 @@ private function getPermissions() {
 			$config['base_path'] . '/scripts',
 		);
 
+		if (isset($config['path_csrf_secret'])) {
+			$install_paths[] = $config['path_csrf_secret'];
+		} else {
+			$install_paths[] = $config['base_path'] . '/include/vendor/csrf/csrf-secret.php';
+		}
+
 		$always_paths = array(
 			sys_get_temp_dir(),
 			$config['base_path'] . '/log',