BUGFIX Don't delete index.php after successful installation - in Cont…

…entController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.

BUGFIX Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@111974 467b73ca-7a2a-4603-9d3b-597d59a354a9

core/control/ContentController.php

@@ -29,7 +29,7 @@ class ContentController extends Controller {
 	public static $allowed_actions = array (
 		'PageComments',
 		'successfullyinstalled',
-		'deleteinstallfiles'
+		'deleteinstallfiles' // secured through custom code
 	);
 
 	/**
@@ -420,6 +420,7 @@ function successfullyinstalled() {
 			$fourohfour->publish("Stage", "Live");
 		}
 
+		// TODO Allow this to work when allow_url_fopen=0
 		if(isset($_SESSION['StatsID']) && $_SESSION['StatsID']) {
 			$url = 'http://ss2stat.silverstripe.com/Installation/installed?ID=' . $_SESSION['StatsID'];
 			@file_get_contents($url);
@@ -440,8 +441,7 @@ function successfullyinstalled() {
 				&nbsp; &nbsp; Email: $username<br />
 				&nbsp; &nbsp; Password: $password<br />
 			</p>
-			<div style="background:#ddd; border:1px solid #ccc; padding:5px; margin:5px;"><img src="cms/images/dialogs/alert.gif" style="border: none; margin-right: 10px; float: left;" /><p style="color:red;">For security reasons you should now delete the install files, unless you are planning to reinstall later. The web server also now only needs write access to the "assets" folder, you can remove write access from all other folders.</p>
-					<div style="margin-left: auto; margin-right: auto; width: 50%;"><p><a href="home/deleteinstallfiles" style="text-align: center;">Click here to delete the install files.</a></p></div></div>
+			<div style="background:#ddd; border:1px solid #ccc; padding:5px; margin:5px;"><img src="cms/images/dialogs/alert.gif" style="border: none; margin-right: 10px; float: left;" /><p style="color:red;">For security reasons you should now delete the install files, unless you are planning to reinstall later (<em>requires admin login, see above</em>). The web server also now only needs write access to the "assets" folder, you can remove write access from all other folders. <a href="home/deleteinstallfiles" style="text-align: center;">Click here to delete the install files.</a></p>
 HTML
 );
 
@@ -452,14 +452,18 @@ function successfullyinstalled() {
 	}
 
 	function deleteinstallfiles() {
+		if(!Permission::check("ADMIN")) return Security::permissionFailure($this);
+
 		$title = new Varchar("Title");
 		$content = new HTMLText("Content");
 		$tempcontent = '';
 		$username = Session::get('username');
 		$password = Session::get('password');
 
+		// We can't delete index.php as it might be necessary for URL routing without mod_rewrite.
+		// There's no safe way to detect usage of mod_rewrite across webservers,
+		// so we have to assume the file is required.
 		$installfiles = array(
-			'index.php',
 			'install.php',
 			'rewritetest.php',
 			'config-form.css',