Fix #12607: Update installation instructions regarding admin directory

The /admin/ directory should be removed after installation or upgrading of MantisBT. The installation instructions did not state this requirement and therefore it was quite easy for users to leave this potentially dangerous directory in place on live installations of MantisBT connected to the Internet.
mantisbt · Dec 15, 2010 · 54aace9 · 54aace9
1 parent d67c4de
commit 54aace9
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/doc/INSTALL b/doc/INSTALL
@@ -31,6 +31,10 @@ INSTALLATION
  * Point your browser to http://path/to/mantisbt/admin/check.php to ensure that
    your webserver is compatible with MantisBT and configured correctly
 
+ * Remove the admin/ directory from within the MantisBT installation path. The
+   scripts within this directory should not be accessible on a live MantisBT
+   site or on any installation that is accessible via the Internet.
+
 UPGRADING
 
  * Backup your existing installation and database -- really!
@@ -50,6 +54,10 @@ UPGRADING
  * Point your browser to http://path/to/_NEW_mantisbt/admin/check.php to ensure that
    your webserver is compatible with MantisBT and configured correctly
 
+ * Remove the admin/ directory from within the MantisBT installation path. The
+   scripts within this directory should not be accessible on a live MantisBT
+   site or on any installation that is accessible via the Internet.
+
  * To restore your original MantisBT URL operation it is best at this point
    to delete the old MantisBT directory and rename the directory you
    extracted the tarball to to the original directory name.