tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not validate the mode of the setup.token 

Relying on the mode of the configuration directory must be sufficient.
This commit is contained in:
Eric Lippmann 2014-12-29 14:33:37 +01:00
parent daaf242145
commit 2bd9d27e05
1 changed files with 0 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/setup/library/Setup/Web/Form/Validator/TokenValidator.php
View File

@ -38,10 +38,6 @@ class TokenValidator extends Zend_Validate_Abstract
mt('setup', 'Cannot validate token, file "%s" is empty. Please define a token.'),
$tokenPath
),
'TOKEN_FILE_PUBLIC' => sprintf(
mt('setup', 'Cannot validate token, file "%s" must only be accessible by the webserver\'s user.'),
$tokenPath
),
'TOKEN_INVALID' => mt('setup', 'Invalid token supplied.')
);
}
@ -56,12 +52,6 @@ class TokenValidator extends Zend_Validate_Abstract
*/
public function isValid($value, $context = null)
{
$tokenStats = @stat($this->tokenPath);
if (($tokenStats['mode'] & 4) === 4) {
$this->_error('TOKEN_FILE_PUBLIC');
return false;
}
try {
$file = new File($this->tokenPath);
$expectedToken = trim($file->fgets());