mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 11:30:55 +01:00

Use HTTPS, not HTTP, in install scripts

Summary:
Via HackerOne. A researcher correctly reports that our install scripts use `HTTP`, not `HTTPS`, to fetch resources and execute them as `root`, which is a potentially significant vulnerability.

Instead, use `HTTPS`.

Test Plan: Verified that these URIs function correctly over `HTTPS`.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16958
epriestley 2016-11-29 05:25:53 -08:00
parent d1838fa5ec
commit 2d7abfd9fa


@ -67,7 +67,7 @@ then
if [ $? -ne 0 ]; then
echo "It doesn't look like you have the EPEL repo enabled. We are to add it"
echo "for you, so that we can install git."
$SUDO rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
$SUDO rpm -Uvh https://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
fi
YUMCOMMAND="$SUDO yum install httpd git php53 php53-cli php53-mysql php53-process php53-devel php53-gd gcc wget make pcre-devel mysql-server"
else
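Review bot: On the `$SUDO rpm -Uvh https://...epel-release-5-4.noarch.rpm` line, the package is still installed with elevated privileges straight from the URL, and nothing visible in this hunk checks its signature or digest, so HTTPS is the only integrity control. Suggest downloading the file first, verifying it against the EPEL signing key (for example with `rpm -K` after importing the key) or a pinned checksum, and only then running `rpm -Uvh` on the local file. The exit status of the `rpm` call is also not checked before the script continues to build `YUMCOMMAND`.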
@ -92,7 +92,7 @@ then
# Now that we've ensured all the devel packages required for pecl/apc are there, let's
# set up PEAR, and install apc.
echo "Attempting to install PEAR"
wget http://pear.php.net/go-pear.phar
wget https://pear.php.net/go-pear.phar
$SUDO php go-pear.phar && $SUDO pecl install apc
fi
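Review bot: On the `wget https://pear.php.net/go-pear.phar` line, the exit status is not checked and no output file is named, so the following `$SUDO php go-pear.phar` runs whatever `go-pear.phar` is in the working directory. If the download fails, or if a file of that name already exists (in which case wget saves the new copy under a different name), a stale or untrusted file is executed with elevated privileges. Suggest writing to an explicit path with `-O`, chaining the download and execution with `&&`, and comparing the file against a pinned checksum before running it, since HTTPS alone only protects the transfer.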