Feature #1548
File Verification Enhancements
| Status: | Closed | Start date: | 04/19/2011 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | Dylan Myers | % Done: | 100% |
|
| Category: | Admin Control Panel | |||
| Target version: | 1.6.4 |
Description
Allow supporting of the common modification to rename index.php -> forums.php and portal.php -> index.php
In admin/modules/tools/file_verification.php change:
$checksums[trim($parts[1])][] = $parts[0];
To:
if(file_exists(MYBB_ROOT."forums.php") && !file_exists(MYBB_ROOT."portal.php"))
{
if(trim($parts[1]) == "./index.php")
{
$parts[1] = "./forums.php";
}
elseif($parts[1] == "./portal.php")
{
$parts[1] = "./index.php";
}
}
$checksums[trim($parts[1])][] = $parts[0];
Associated revisions
Feature File Verification Enhancements (completed #1548)
Fixes File Verification Enhancements (fixes #1548)
History
#1 Updated by Dylan Myers about 1 year ago
- Status changed from New to Assigned
- Assignee set to Dylan Myers
- Target version set to 1.6.5
#2 Updated by Dylan Myers about 1 year ago
I've had an additional idea on this. I think it would be good to allow them a place to type in what they've renamed their index.php to. Some rename it to forum.php, some rename it to forums.php and some rename it to boards.php. There may of course be other things its renamed too.
#3 Updated by Tom Moore about 1 year ago
If you can come up with a secure way of doing it then yeah, sounds cool. Maybe you can store the setting in the internal_settings cache?
Remember, don't apply the fixes to the codebase until after 1.6.4 is released.
#4 Updated by Tom Moore about 1 year ago
- Target version changed from 1.6.5 to 1.6.4
Ignore me, we'll throw this into 1.6.4.
#5 Updated by Dylan Myers about 1 year ago
I'm going to leave out the ability for Admins to enter their renaming capability for now... Or I could make it a global var that could then be accessed by the plugin hook... anyways just ideas. If they aren't using "forums.php" they can manually change the one line this occurs on.
#6 Updated by Dylan Myers about 1 year ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
Applied in changeset r5457.
#7 Updated by Spencer Swords about 1 year ago
Dylan, perhaps you'll want to update the revision so it follows MyBB's development standards (you didn't indent properly)?
#8 Updated by Dylan Myers about 1 year ago
Erg, I swear I fixed the indents on this. Stupid copy/paste always messes them up. I'll fix it shortly.
#9 Updated by Dylan Myers about 1 year ago
Applied in changeset r5462.
#10 Updated by Dylan Myers about 1 year ago
Ok, should be corrected now.
#11 Updated by Jitendra Maharaj 11 months ago
Really hard to test this on SVN as most files from 1.4.3 have been changed :D
so if everyone agrees we can close this
#12 Updated by Dylan Myers 11 months ago
I think its such a straight forward piece of code that as long as you double check me for typos and logic you can just do it w/out a test.
#14 Updated by Chris Köcher 10 months ago
I don't know if this is really a bug:
The login-form in Portal redirects to portal.php (whatever you named the portal,php). That means you will get an 404-error if you've renamed this file to index.php.
The problem is line 96 in this file:
redirect("portal.php", $lang->redirect_loggedin);
Of course, this can easily be changed by everyone to the filename you wish. But then file verification will always show this file as modificated...
So maybe this hardcoded "portal.php" should be changed (maybe $_SERVER['SCRIPT_NAME'] could be used instead, but I haven't tested this). Another possible solution would be the use of login-procedure in member.php (like in welcomeblock or on member.php?action=login). ;-)
#15 Updated by Dylan Myers 10 months ago
Chris Köcher wrote:
I don't know if this is really a bug:
The login-form in Portal redirects to portal.php (whatever you named the portal,php). That means you will get an 404-error if you've renamed this file to index.php.
The problem is line 96 in this file:
[...]Of course, this can easily be changed by everyone to the filename you wish. But then file verification will always show this file as modificated...
So maybe this hardcoded "portal.php" should be changed (maybe $_SERVER['SCRIPT_NAME'] could be used instead, but I haven't tested this). Another possible solution would be the use of login-procedure in member.php (like in welcomeblock or on member.php?action=login). ;-)
Except that this isn't about setting up the renames FOR you. Its about setting up the file verification so that if you make the manual edits and rename them (this is one of the manual edits) then your file verification will still work.
#16 Updated by Chris Köcher 10 months ago
Yes, you're right. But then I think this feature has no sense, when you have to edit this file yourself and the file will be shown as manipulated.
This feature was included to avoid that this files will be reported if they are renamed. But if you only rename them, you get an 404-error if you use the login-form in the sidebar of the portal.
#17 Updated by Dylan Myers 10 months ago
Chris Köcher wrote:
Yes, you're right. But then I think this feature has no sense, when you have to edit this file yourself and the file will be shown as manipulated.
Now why didn't any of we staff catch that small fact? Meh. Good point :)
Both files in question have to be modifed for this to work fully, so this isn't going to work for verification completely. Does still avoid the "missing" file indicator though. We'll put more thought into this in the future. I was planning on bringing up to the team that supporting rename out of the box would be a good idea since its so popular.
#18 Updated by Andreas Klauer 10 months ago
The file verification currently works of a checksum => filename type of list. If you want to support renamed files in general, you could use a filesize => checksum => filename structure instead. Once you have this list, you start in MYBB_ROOT, walk through all the subdirs, look at every PHP file you find. If it's a known filesize, and a known checksum for this filesize, then there's a good chance the file is identical to filename. This way you could identify portal.php as portal.php even if it is named thingamajig.php with no setting whatsoever. And all files that have no known file size, or no known checksum for a known filesize, would be modified or unknown.
Not sure if it's necessary to go that far though. Most people do not rename their files... and the ones that do probably modify them too.