Warn user if mod_security is present

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 6827008..8216cde 100644 (file)
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -26,6 +26,7 @@ production.
 * (bug 30160) Add public method to mw.loader to get module names from registry.
 * (bug 15558) Parameters to special pages included in wikitext can now be passed
   as with templates.
+* Installer now issues a warning if mod_security is present.
 
 === Bug fixes in 1.19 ===
 * $wgUploadNavigationUrl should be used for file redlinks if

diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php
index 9fa42f7..4f0bccd 100644 (file)
--- a/includes/installer/Installer.i18n.php
+++ b/includes/installer/Installer.i18n.php
@@ -138,6 +138,8 @@ The installation may fail!",
        'config-wincache'                 => '[http://www.iis.net/download/WinCacheForPhp WinCache] is installed',
        'config-no-cache'                 => "'''Warning:''' Could not find [http://eaccelerator.sourceforge.net eAccelerator], [http://www.php.net/apc APC], [http://trac.lighttpd.net/xcache/ XCache] or [http://www.iis.net/download/WinCacheForPhp WinCache].
 Object caching is not enabled.",
+       'config-mod-security'             => "'''Warning''': your web server has [http://modsecurity.org/ mod_security] enabled. If misconfigured, it can cause problems for MediaWiki or other software that allows users to post arbitrary content.
+Refer to [http://modsecurity.org/documentation/ mod_security documentation] or contact your host's support if you encounter random errors.",
        'config-diff3-bad'                => 'GNU diff3 not found.',
        'config-imagemagick'              => 'Found ImageMagick: <code>$1</code>.
 Image thumbnailing will be enabled if you enable uploads.',

diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index e1fd202..c29dd66 100644 (file)
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -97,6 +97,7 @@ abstract class Installer {
                'envCheckPCRE',
                'envCheckMemory',
                'envCheckCache',
+               'envCheckModSecurity',
                'envCheckDiff3',
                'envCheckGraphics',
                'envCheckServer',
@@ -805,6 +806,15 @@ abstract class Installer {
                $this->setVar( '_Caches', $caches );
        }
 
+       /**
+        * Scare user to death if they have mod_security
+        */
+       protected function envCheckModSecurity() {
+               if ( !self::apacheModulePresent( 'mod_security' ) ) {
+                       $this->showMessage( 'config-mod-security' );
+               }
+       }
+
        /**
         * Search for GNU diff3.
         */
@@ -1168,6 +1178,23 @@ abstract class Installer {
                return false;
        }
 
+       /**
+        * Checks for presence of an Apache module. Works only if PHP is running as an Apache module, too.
+        * 
+        * @param $moduleName String: Name of module to check.
+        * @return bool
+        */
+       public static function apacheModulePresent( $moduleName ) {
+               if ( function_exists( 'apache_get_modules' ) && in_array( $moduleName, apache_get_modules() ) ) {
+                       return true;
+               }
+               // try it the hard way
+               ob_start();
+               phpinfo( INFO_MODULES );
+               $info = ob_get_clean();
+               return strpos( $info, $moduleName ) !== false;
+       }
+
        /**
         * ParserOptions are constructed before we determined the language, so fix it
         *