From cafb91ec62ada50ebdc12e7ac1813c085f37e9a6 Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff
Date: Mon, 16 Aug 2021 19:05:27 +0200
Subject: [PATCH 1/6] Issue 10514: add TLS check to the installer
This PR adds a check to the installer which tries to determine whether the request to the installer was made over an HTTPS line or not. I've only tested it with an Apache2 server, but there it works. Addresses #10514
---
 src/Core/Installer.php | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/src/Core/Installer.php b/src/Core/Installer.php
index b2b84c618..355513ac7 100644
--- a/src/Core/Installer.php
+++ b/src/Core/Installer.php
@@ -129,6 +129,10 @@ class Installer
 $returnVal = false;
 }
+ if (!$this->checkTLS()) {
+ $returnVal = false;
+ }
+
 if (!$this->checkKeys()) {
 $returnVal = false;
 }
@@ -580,6 +584,38 @@ class Installer
 return $status;
 }
+ /**
+ * TLS Check
+ *
+ * Tries to determine wheather the connection to the server is secured
+ * by TLS or not. If not the user will be warned that it is higly
+ * encuraged to use TLS.
+ *
+ * @return bool (true) as TLS is not mandatory
+ */
+ public function checkTLS()
+ {
+ $tls = false;
+
+ if (isset($_SERVER['HTTPS'])) {
+ if (($_SERVER['HTTPS'] == 1) || ($_SERVER['HTTPS'] == 'on')) {
+ $tls = true;
+ }
+ }
+
+ if (!$tls) {
+ $help = DI::l10n()->t('The detection of TLS to secure the communication between the browser and the new Friendica server failed.');
+ $help .= ' ' . DI::l10n()->t('Please ensure that the connection to the server is secure.');
+ $this->addCheck(DI::l10n()->t('No TLS detected'), $tls, false, $help);
+ } else {
+ $this->addCheck(DI::l10n()->t('TLS detected'), $tls, false, '');
+ }
+
+
+ // TLS is not required
+ return true;
+ }
+
 /**
 * Imagick Check
 *
From e16e9bd9298941409e4d1451709edeac9f32f403 Mon Sep 17 00:00:00 2001
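Review bot: The `$returnVal = false;` branch added around `checkTLS()` in the first hunk of PATCH 1/6 cannot execute, because the method introduced further down in the same patch ends with an unconditional `return true;`. Either call it as a bare statement, `$this->checkTLS();`, or keep the `if` for symmetry with the neighbouring checks and add a comment such as `// advisory only: checkTLS() never fails the install`. The enclosing method starts and ends outside this hunk.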
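Review bot: The detection in `checkTLS()` (second hunk of PATCH 1/6) accepts only `$_SERVER['HTTPS']` equal to `1` or the exact string `'on'`, which is narrower than what PHP documents for that variable (any non-empty value means HTTPS, with `off` reported under IIS/ISAPI). A test such as `$tls = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';` covers those servers without the loose `==` comparisons. Behind a TLS-terminating reverse proxy the variable is normally unset on the backend, so the installer will report 'No TLS detected' even though the browser connection is encrypted; the help text could mention that case. If forwarded-protocol headers are ever read to close that gap, they should be trusted only from a configured proxy address, since any client can send them.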
From: Tobias Diekershoff
Date: Mon, 16 Aug 2021 19:10:24 +0200
Subject: [PATCH 2/6] typo
---
 src/Core/Installer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Core/Installer.php b/src/Core/Installer.php
index 355513ac7..02904004b 100644
--- a/src/Core/Installer.php
+++ b/src/Core/Installer.php
@@ -587,7 +587,7 @@ class Installer
 /**
 * TLS Check
 *
- * Tries to determine wheather the connection to the server is secured
+ * Tries to determine whether the connection to the server is secured
 * by TLS or not. If not the user will be warned that it is higly
 * encuraged to use TLS.
 *
From 6cd9f267719df128c50fbb8c6147cc189a8550d6 Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff
Date: Mon, 16 Aug 2021 19:12:05 +0200
Subject: [PATCH 3/6] add encuragement
---
 src/Core/Installer.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Core/Installer.php b/src/Core/Installer.php
index 02904004b..19247211c 100644
--- a/src/Core/Installer.php
+++ b/src/Core/Installer.php
@@ -605,6 +605,7 @@ class Installer
 if (!$tls) {
 $help = DI::l10n()->t('The detection of TLS to secure the communication between the browser and the new Friendica server failed.');
+ $help .= ' ' . DI::l10n()->t('It is highly encuraged to use Friendica only over a secured connection as sensible information like passwords will be transmitted.');
 $help .= ' ' . DI::l10n()->t('Please ensure that the connection to the server is secure.');
 $this->addCheck(DI::l10n()->t('No TLS detected'), $tls, false, $help);
 } else {
From cfed7f2681f511211e89fd0caa31c124a217e9fd Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff
Date: Mon, 16 Aug 2021 19:14:23 +0200
Subject: [PATCH 4/6] regen messages.po
---
 view/lang/C/messages.po | 148 +++++++++++++++++++++++-----------------
 1 file changed, 86 insertions(+), 62 deletions(-)
diff --git a/view/lang/C/messages.po b/view/lang/C/messages.po
index ac716a286..1b8037e98 100644
--- a/view/lang/C/messages.po
+++ b/view/lang/C/messages.po
@@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: 2021.09-dev\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-08-16 23:28+0200\n" +"POT-Creation-Date: 2021-08-16 19:13+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -3679,29 +3679,29 @@ msgstr "" msgid "Connectors" msgstr "" -#: src/Core/Installer.php:179 +#: src/Core/Installer.php:183 msgid "" "The database configuration file \"config/local.config.php\" could not be " "written. Please use the enclosed text to create a configuration file in your " "web server root." msgstr "" -#: src/Core/Installer.php:198 +#: src/Core/Installer.php:202 msgid "" "You may need to import the file \"database.sql\" manually using phpmyadmin " "or mysql." msgstr "" -#: src/Core/Installer.php:199 src/Module/Install.php:206 +#: src/Core/Installer.php:203 src/Module/Install.php:206 #: src/Module/Install.php:365 msgid "Please see the file \"doc/INSTALL.md\"." msgstr "" -#: src/Core/Installer.php:260 +#: src/Core/Installer.php:264 msgid "Could not find a command line version of PHP in the web server PATH." msgstr "" -#: src/Core/Installer.php:261 +#: src/Core/Installer.php:265 msgid "" "If you don't have a command line version of PHP installed on your server, " "you will not be able to run the background processing. See 'Setup the worker'" msgstr "" -#: src/Core/Installer.php:266 +#: src/Core/Installer.php:270 msgid "PHP executable path" msgstr "" -#: src/Core/Installer.php:266 +#: src/Core/Installer.php:270 msgid "" "Enter full path to php executable. You can leave this blank to continue the " "installation." msgstr "" -#: src/Core/Installer.php:271 +#: src/Core/Installer.php:275 msgid "Command line PHP" msgstr "" -#: src/Core/Installer.php:280 +#: src/Core/Installer.php:284 msgid "PHP executable is not the php cli binary (could be cgi-fgci version)" msgstr "" -#: src/Core/Installer.php:281 +#: src/Core/Installer.php:285 msgid "Found PHP version: " msgstr "" -#: src/Core/Installer.php:283 +#: src/Core/Installer.php:287 msgid "PHP cli binary" msgstr "" -#: src/Core/Installer.php:296 +#: src/Core/Installer.php:300 msgid "" "The command line version of PHP on your system does not have " "\"register_argc_argv\" enabled." 
msgstr "" -#: src/Core/Installer.php:297 +#: src/Core/Installer.php:301 msgid "This is required for message delivery to work." msgstr "" -#: src/Core/Installer.php:302 +#: src/Core/Installer.php:306 msgid "PHP register_argc_argv" msgstr "" -#: src/Core/Installer.php:334 +#: src/Core/Installer.php:338 msgid "" "Error: the \"openssl_pkey_new\" function on this system is not able to " "generate encryption keys" msgstr "" -#: src/Core/Installer.php:335 +#: src/Core/Installer.php:339 msgid "" "If running under Windows, please see \"http://www.php.net/manual/en/openssl." "installation.php\"." msgstr "" -#: src/Core/Installer.php:338 +#: src/Core/Installer.php:342 msgid "Generate encryption keys" msgstr "" -#: src/Core/Installer.php:390 +#: src/Core/Installer.php:394 msgid "" "Error: Apache webserver mod-rewrite module is required but not installed." msgstr "" -#: src/Core/Installer.php:395 +#: src/Core/Installer.php:399 msgid "Apache mod_rewrite module" msgstr "" -#: src/Core/Installer.php:401 +#: src/Core/Installer.php:405 msgid "Error: PDO or MySQLi PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:406 +#: src/Core/Installer.php:410 msgid "Error: The MySQL driver for PDO is not installed." msgstr "" -#: src/Core/Installer.php:410 +#: src/Core/Installer.php:414 msgid "PDO or MySQLi PHP module" msgstr "" -#: src/Core/Installer.php:418 +#: src/Core/Installer.php:422 msgid "Error, XML PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:422 +#: src/Core/Installer.php:426 msgid "XML PHP module" msgstr "" -#: src/Core/Installer.php:425 +#: src/Core/Installer.php:429 msgid "libCurl PHP module" msgstr "" -#: src/Core/Installer.php:426 +#: src/Core/Installer.php:430 msgid "Error: libCURL PHP module required but not installed." 
msgstr "" -#: src/Core/Installer.php:432 +#: src/Core/Installer.php:436 msgid "GD graphics PHP module" msgstr "" -#: src/Core/Installer.php:433 +#: src/Core/Installer.php:437 msgid "" "Error: GD graphics PHP module with JPEG support required but not installed." msgstr "" -#: src/Core/Installer.php:439 +#: src/Core/Installer.php:443 msgid "OpenSSL PHP module" msgstr "" -#: src/Core/Installer.php:440 +#: src/Core/Installer.php:444 msgid "Error: openssl PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:446 +#: src/Core/Installer.php:450 msgid "mb_string PHP module" msgstr "" -#: src/Core/Installer.php:447 +#: src/Core/Installer.php:451 msgid "Error: mb_string PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:453 +#: src/Core/Installer.php:457 msgid "iconv PHP module" msgstr "" -#: src/Core/Installer.php:454 +#: src/Core/Installer.php:458 msgid "Error: iconv PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:460 +#: src/Core/Installer.php:464 msgid "POSIX PHP module" msgstr "" -#: src/Core/Installer.php:461 +#: src/Core/Installer.php:465 msgid "Error: POSIX PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:467 +#: src/Core/Installer.php:471 msgid "Program execution functions" msgstr "" -#: src/Core/Installer.php:468 +#: src/Core/Installer.php:472 msgid "" "Error: Program execution functions (proc_open) required but not enabled." msgstr "" -#: src/Core/Installer.php:474 +#: src/Core/Installer.php:478 msgid "JSON PHP module" msgstr "" -#: src/Core/Installer.php:475 +#: src/Core/Installer.php:479 msgid "Error: JSON PHP module required but not installed." msgstr "" -#: src/Core/Installer.php:481 +#: src/Core/Installer.php:485 msgid "File Information PHP module" msgstr "" -#: src/Core/Installer.php:482 +#: src/Core/Installer.php:486 msgid "Error: File Information PHP module required but not installed." 
msgstr "" -#: src/Core/Installer.php:505 +#: src/Core/Installer.php:509 msgid "" "The web installer needs to be able to create a file called \"local.config.php" "\" in the \"config\" folder of your web server and it is unable to do so." msgstr "" -#: src/Core/Installer.php:506 +#: src/Core/Installer.php:510 msgid "" "This is most often a permission setting, as the web server may not be able " "to write files in your folder - even if you can." msgstr "" -#: src/Core/Installer.php:507 +#: src/Core/Installer.php:511 msgid "" "At the end of this procedure, we will give you a text to save in a file " "named local.config.php in your Friendica \"config\" folder." msgstr "" -#: src/Core/Installer.php:508 +#: src/Core/Installer.php:512 msgid "" "You can alternatively skip this procedure and perform a manual installation. " "Please see the file \"doc/INSTALL.md\" for instructions." msgstr "" -#: src/Core/Installer.php:511 +#: src/Core/Installer.php:515 msgid "config/local.config.php is writable" msgstr "" -#: src/Core/Installer.php:531 +#: src/Core/Installer.php:535 msgid "" "Friendica uses the Smarty3 template engine to render its web views. Smarty3 " "compiles templates to PHP to speed up rendering." msgstr "" -#: src/Core/Installer.php:532 +#: src/Core/Installer.php:536 msgid "" "In order to store these compiled templates, the web server needs to have " "write access to the directory view/smarty3/ under the Friendica top level " "folder." msgstr "" -#: src/Core/Installer.php:533 +#: src/Core/Installer.php:537 msgid "" "Please ensure that the user that your web server runs as (e.g. www-data) has " "write access to this folder." msgstr "" -#: src/Core/Installer.php:534 +#: src/Core/Installer.php:538 msgid "" "Note: as a security measure, you should give the web server write access to " "view/smarty3/ only--not the template files (.tpl) that it contains." 
msgstr "" -#: src/Core/Installer.php:537 +#: src/Core/Installer.php:541 msgid "view/smarty3 is writable" msgstr "" -#: src/Core/Installer.php:565 +#: src/Core/Installer.php:569 msgid "" "Url rewrite in .htaccess seems not working. Make sure you copied .htaccess-" "dist to .htaccess." msgstr "" -#: src/Core/Installer.php:566 +#: src/Core/Installer.php:570 msgid "" "In some circumstances (like running inside containers), you can skip this " "error." msgstr "" -#: src/Core/Installer.php:568 +#: src/Core/Installer.php:572 msgid "Error message from Curl when fetching" msgstr "" -#: src/Core/Installer.php:574 +#: src/Core/Installer.php:578 msgid "Url rewrite is working" msgstr "" -#: src/Core/Installer.php:603 +#: src/Core/Installer.php:607 +msgid "" +"The detection of TLS to secure the communication between the browser and the " +"new Friendica server failed." +msgstr "" + +#: src/Core/Installer.php:608 +msgid "" +"It is highly encuraged to use Friendica only over a secured connection as " +"sensible information like passwords will be transmitted." +msgstr "" + +#: src/Core/Installer.php:609 +msgid "Please ensure that the connection to the server is secure." +msgstr "" + +#: src/Core/Installer.php:610 +msgid "No TLS detected" +msgstr "" + +#: src/Core/Installer.php:612 +msgid "TLS detected" +msgstr "" + +#: src/Core/Installer.php:640 msgid "ImageMagick PHP extension is not installed" msgstr "" -#: src/Core/Installer.php:605 +#: src/Core/Installer.php:642 msgid "ImageMagick PHP extension is installed" msgstr "" -#: src/Core/Installer.php:607 +#: src/Core/Installer.php:644 msgid "ImageMagick supports GIF" msgstr "" -#: src/Core/Installer.php:629 +#: src/Core/Installer.php:666 msgid "Database already in use." msgstr "" -#: src/Core/Installer.php:634 +#: src/Core/Installer.php:671 msgid "Could not connect to database." msgstr "" From ae6e13815d66320f97cfca08b83eadc19ab6aaf0 Mon Sep 17 00:00:00 2001 
From: Tobias Diekershoff Date: Tue, 17 Aug 2021 08:16:11 +0200 Subject: [PATCH 5/6] rewording the encouragement and regen of the messages.po --- src/Core/Installer.php | 3 +-- view/lang/C/messages.po | 16 ++++++++-------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/src/Core/Installer.php b/src/Core/Installer.php index 19247211c..041771812 100644 --- a/src/Core/Installer.php +++ b/src/Core/Installer.php @@ -605,14 +605,13 @@ class Installer if (!$tls) { $help = DI::l10n()->t('The detection of TLS to secure the communication between the browser and the new Friendica server failed.'); - $help .= ' ' . DI::l10n()->t('It is highly encuraged to use Friendica only over a secured connection as sensible information like passwords will be transmitted.'); + $help .= ' ' . DI::l10n()->t('It is highly encouraged to use Friendica only over a secure connection as sensitive information like passwords will be transmitted.'); $help .= ' ' . DI::l10n()->t('Please ensure that the connection to the server is secure.'); $this->addCheck(DI::l10n()->t('No TLS detected'), $tls, false, $help); } else { $this->addCheck(DI::l10n()->t('TLS detected'), $tls, false, ''); } - // TLS is not required return true; } diff --git a/view/lang/C/messages.po b/view/lang/C/messages.po index 1b8037e98..7b1a368df 100644 --- a/view/lang/C/messages.po +++ b/view/lang/C/messages.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: 2021.09-dev\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-08-16 19:13+0200\n" +"POT-Creation-Date: 2021-08-17 08:15+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -3953,8 +3953,8 @@ msgstr "" #: src/Core/Installer.php:608 msgid "" -"It is highly encuraged to use Friendica only over a secured connection as " -"sensible information like passwords will be transmitted." +"It is highly encouraged to use Friendica only over a secure connection as " +"sensitive information like passwords will be transmitted." msgstr "" #: src/Core/Installer.php:609 @@ -3969,23 +3969,23 @@ msgstr "" msgid "TLS detected" msgstr "" -#: src/Core/Installer.php:640 +#: src/Core/Installer.php:639 msgid "ImageMagick PHP extension is not installed" msgstr "" -#: src/Core/Installer.php:642 +#: src/Core/Installer.php:641 msgid "ImageMagick PHP extension is installed" msgstr "" -#: src/Core/Installer.php:644 +#: src/Core/Installer.php:643 msgid "ImageMagick supports GIF" msgstr "" -#: src/Core/Installer.php:666 +#: src/Core/Installer.php:665 msgid "Database already in use." msgstr "" -#: src/Core/Installer.php:671 +#: src/Core/Installer.php:670 msgid "Could not connect to database." msgstr "" From 651b60c482dc65282355de735d7da3b598996c42 Mon Sep 17 00:00:00 2001 From: Tobias Diekershoff Date: Tue, 17 Aug 2021 08:39:30 +0200 Subject: [PATCH 6/6] regen messages.po after rebase --- view/lang/C/messages.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/view/lang/C/messages.po b/view/lang/C/messages.po index 7b1a368df..ab35bcf7a 100644 --- a/view/lang/C/messages.po +++ b/view/lang/C/messages.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: 2021.09-dev\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-08-17 08:15+0200\n" +"POT-Creation-Date: 2021-08-17 08:39+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n"