Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use status code instead of checking contents #17568

Merged
merged 2 commits into from May 16, 2021
Merged

use status code instead of checking contents #17568

merged 2 commits into from May 16, 2021

Conversation

diosmosis
Copy link
Member

Description:

Fixes #17559

Review

  • Functional review done
  • Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • Security review done see checklist
  • Code review done
  • Tests were added if useful/possible
  • Reviewed for breaking changes
  • Developer changelog updated if needed
  • Documentation added if needed
  • Existing documentation updated if needed

flamisz
flamisz approved these changes May 16, 2021
View reviewed changes
Copy link
Contributor

@flamisz flamisz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me and worked locally 👍

@diosmosis diosmosis added this to the 4.3.0 milestone May 16, 2021
@diosmosis diosmosis added the not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. label May 16, 2021
@diosmosis diosmosis merged commit 39450bc into 4.x-dev May 16, 2021
@diosmosis diosmosis deleted the status-check-required-priv-dir branch May 16, 2021 22:34
@Findus23
Copy link
Member

@diosmosis One issue with this method is that it will warn if someone set up their server to return a 301 Moved Permanently on the config.ini.php request.
(reported in https://forum.matomo.org/t/nach-update-auf-4-3-fehlermeldung-required-private-directories/41903)

@sgiehl sgiehl mentioned this pull request May 18, 2021
Closed
@diosmosis
Copy link
Member Author

@Findus23 I thought about it but I can't think of a good way to deal w/ redirects. We could follow them, but then we don't know if we're still looking at config.ini.php. If we don't follow them, and just accept 3XX codes, then we might end up accepting a redirect between protocols. I guess we could check both http:// and https:// w/o following redirects and if either both return 3XX or both return 4XX, we can safely pass?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flamisz flamisz flamisz approved these changes

Assignees
No one assigned
Labels
not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
4.3.0
Development

Successfully merging this pull request may close these issues.

[4.3.0-rc] System check falsely detects config/config.ini.php readable
3 participants
@diosmosis @Findus23 @flamisz