mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 19:40:55 +01:00

Use HTTPS, not HTTP, in install scripts

Summary:
Via HackerOne. A researcher correctly reports that our install scripts use `HTTP`, not `HTTPS`, to fetch resources and execute them as `root`, which is a potentially significant vulnerability.

Instead, use `HTTPS`.

Test Plan: Verified that these URIs function correctly over `HTTPS`.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16958
epriestley 2016-11-29 05:25:53 -08:00
parent d1838fa5ec
commit 2d7abfd9fa


@ -67,7 +67,7 @@ then
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "It doesn't look like you have the EPEL repo enabled. We are to add it" echo "It doesn't look like you have the EPEL repo enabled. We are to add it"
echo "for you, so that we can install git." echo "for you, so that we can install git."
$SUDO rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm $SUDO rpm -Uvh https://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
fi fi
YUMCOMMAND="$SUDO yum install httpd git php53 php53-cli php53-mysql php53-process php53-devel php53-gd gcc wget make pcre-devel mysql-server" YUMCOMMAND="$SUDO yum install httpd git php53 php53-cli php53-mysql php53-process php53-devel php53-gd gcc wget make pcre-devel mysql-server"
else else
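Review bot: The `$SUDO rpm -Uvh https://download.fedoraproject.org/...` line still installs a package as root straight from a URL with no signature or digest check visible in this hunk. HTTPS authenticates the server and protects the transfer, but it does not show that the RPM is the one the EPEL maintainers published. Consider downloading the file first, verifying it with `rpm -K` against an imported EPEL signing key, and only then running `rpm -Uvh` on the local copy.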
@ -92,7 +92,7 @@ then
# Now that we've ensured all the devel packages required for pecl/apc are there, let's # Now that we've ensured all the devel packages required for pecl/apc are there, let's
# set up PEAR, and install apc. # set up PEAR, and install apc.
echo "Attempting to install PEAR" echo "Attempting to install PEAR"
wget http://pear.php.net/go-pear.phar wget https://pear.php.net/go-pear.phar
$SUDO php go-pear.phar && $SUDO pecl install apc $SUDO php go-pear.phar && $SUDO pecl install apc
fi fi
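Review bot: The result of `wget https://pear.php.net/go-pear.phar` is never checked before `$SUDO php go-pear.phar` runs it as root. If the download fails, or if a `go-pear.phar` is already present in the working directory (wget then saves the new copy under a different name such as `go-pear.phar.1`), the script executes whatever older file is there. Suggest writing to an explicit path with `wget -O`, chaining the `php` call on its success with `&&`, and comparing the file against a pinned checksum before executing it with elevated privileges.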