From: Brion Vibber Date: Sun, 27 Mar 2011 20:13:30 +0000 (+0000) Subject: * (bug 27170) [Installer] Install now completes when choosing a CC license with the... X-Git-Tag: 1.31.0-rc.0~31156 X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=d3005cfbd5aaa28a941dc0f046c301a8daf8972a;p=lhc%2Fweb%2Fwiklou.git * (bug 27170) [Installer] Install now completes when choosing a CC license with the picker There were two things breaking this: * X-Frame-Options forbade our final step of the license selector, or the license selection shower, from being loaded properly. This lead to it looking wrong. * The installation URL fingerprinting broke on the long query string that's on the final step. As a result, the user's selection got saved into a different session subkey, thinking it belonged to a different installation. It would then not get seen by the surrounding page's installer instance, causing the confusion. Fix removes the X-Frame-Options for the CC bit, and drops query strings before the rest of URL normalization in the fingerprint check so the CC bits now see the same session key as the rest. --- diff --git a/includes/installer/WebInstaller.php b/includes/installer/WebInstaller.php index add4e895d3..493e81f193 100644 --- a/includes/installer/WebInstaller.php +++ b/includes/installer/WebInstaller.php @@ -177,6 +177,7 @@ class WebInstaller extends Installer { if ( $this->request->getVal( 'SubmitCC' ) ) { $page = $this->getPageByName( 'Options' ); $this->output->useShortHeader(); + $this->output->allowFrames(); $page->submitCC(); return $this->finish(); } @@ -184,6 +185,7 @@ class WebInstaller extends Installer { if ( $this->request->getVal( 'ShowCC' ) ) { $page = $this->getPageByName( 'Options' ); $this->output->useShortHeader(); + $this->output->allowFrames(); $this->output->addHTML( $page->getCCDoneBox() ); return $this->finish(); } @@ -323,7 +325,13 @@ class WebInstaller extends Installer { public function getFingerprint() { // Get the base URL of the installation $url = $this->request->getFullRequestURL(); + if ( preg_match( '!^(.*\?)!', $url, $m) ) { + // Trim query string + $url = $m[1]; + } if ( preg_match( '!^(.*)/[^/]*/[^/]*$!', $url, $m ) ) { + // This... seems to try to get the base path from + // the /mw-config/index.php. Kinda scary though? $url = $m[1]; } return md5( serialize( array( diff --git a/includes/installer/WebInstallerOutput.php b/includes/installer/WebInstallerOutput.php index 4f68b4f6c1..cb708d1392 100644 --- a/includes/installer/WebInstallerOutput.php +++ b/includes/installer/WebInstallerOutput.php @@ -39,6 +39,14 @@ class WebInstallerOutput { public $redirectTarget; + /** + * Does the current page need to allow being used as a frame? + * If not, X-Frame-Options will be output to forbid it. + * + * @var bool + */ + public $allowFrames = false; + /** * Whether to use the limited header (used during CC license callbacks) * @var bool @@ -116,6 +124,10 @@ class WebInstallerOutput { $this->useShortHeader = $use; } + public function allowFrames( $allow = true ) { + $this->allowFrames = $allow; + } + public function flush() { if ( !$this->headerDone ) { $this->outputHeader(); @@ -163,7 +175,9 @@ class WebInstallerOutput { $dbTypes = $this->parent->getDBTypes(); $this->parent->request->response()->header( 'Content-Type: text/html; charset=utf-8' ); - $this->parent->request->response()->header( 'X-Frame-Options: DENY' ); + if (!$this->allowFrames) { + $this->parent->request->response()->header( 'X-Frame-Options: DENY' ); + } if ( $this->redirectTarget ) { $this->parent->request->response()->header( 'Location: '.$this->redirectTarget ); return;