admin.php: fix authentication bypass vulnerability

[jirafeau_project.git] / install.php

diff --git a/install.php b/install.php
index 451ebe3d42d53602ff8f9dee64026631e3ab7cbc..c537bdd5d6661b4fa01e17f59594ed20b02556b9 100644 (file)
--- a/install.php
+++ b/install.php
@@ -2,6 +2,7 @@
 /*
  *  Jirafeau, your web file repository
  *  Copyright (C) 2008  Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
+ *  Copyright (C) 2015  Nicola Spanti (RyDroid) <dev@nicola-spanti.info>
  *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU Affero General Public License as
@@ -14,7 +15,7 @@
  *  GNU Affero General Public License for more details.
  *
  *  You should have received a copy of the GNU Affero General Public License
- *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
 define ('NL', "\n");
@@ -67,9 +68,7 @@ jirafeau_export_cfg ($cfg)
 function
 jirafeau_mkdir ($path)
 {
-    if (!file_exists ($path) &&  !@mkdir ($path, 0755))
-        return false;
-    return true;
+    return !(!file_exists ($path) && !@mkdir ($path, 0755));
 }
 
 /**
@@ -101,7 +100,7 @@ jirafeau_check_var_dir ($path)
                                $path . '</code><br />' . $solution_str .
                                '<br />' . $mkdir_str2);
 
-    foreach (array ('files', 'links', 'async') as $subdir)
+    foreach (array ('files', 'links', 'async', 'alias') as $subdir)
     {
         $subpath = $path.$subdir;
 
@@ -182,8 +181,6 @@ if (isset ($_POST['step']) && isset ($_POST['next']))
         $cfg['var_root'] = jirafeau_add_ending_slash ($_POST['var_root']);
         jirafeau_export_cfg ($cfg);
         break;
-
-    default: break;
     }
 
 }