|
@@ -122,6 +122,13 @@ if ($max_time && $max_time < $max_execution_time_for_deploy) {
|
|
|
@ini_set("max_execution_time", $max_execution_time_for_deploy); // This work only if safe mode is off. also web servers has timeout of 300
|
|
|
}
|
|
|
|
|
|
+$dolibarrdataroot = preg_replace('/([\\/]+)$/i', '', DOL_DATA_ROOT);
|
|
|
+$allowonlineinstall = true;
|
|
|
+$allowfromweb = 1;
|
|
|
+if (dol_is_file($dolibarrdataroot.'/installmodules.lock')) {
|
|
|
+ $allowonlineinstall = false;
|
|
|
+}
|
|
|
+
|
|
|
|
|
|
/*
|
|
|
* Actions
|
|
@@ -142,7 +149,7 @@ if (GETPOST('buttonreset', 'alpha')) {
|
|
|
$search_version = '';
|
|
|
}
|
|
|
|
|
|
-if ($action == 'install') {
|
|
|
+if ($action == 'install' && $allowonlineinstall) {
|
|
|
$error = 0;
|
|
|
|
|
|
// $original_file should match format module_modulename-x.y[.z].zip
|
|
@@ -263,6 +270,8 @@ if ($action == 'install') {
|
|
|
if (!$error) {
|
|
|
setEventMessages($langs->trans("SetupIsReadyForUse", DOL_URL_ROOT.'/admin/modules.php?mainmenu=home', $langs->transnoentitiesnoconv("Home").' - '.$langs->transnoentitiesnoconv("Setup").' - '.$langs->transnoentitiesnoconv("Modules")), null, 'warnings');
|
|
|
}
|
|
|
+} elseif ($action == 'install' && !$allowonlineinstall) {
|
|
|
+ httponly_accessforbidden("You try to bypass the protection to disallow deployment of an external module. Hack attempt ?");
|
|
|
}
|
|
|
|
|
|
if ($action == 'set' && $user->admin) {
|
|
@@ -1175,13 +1184,6 @@ if ($mode == 'marketplace') {
|
|
|
if ($mode == 'deploy') {
|
|
|
print dol_get_fiche_head($head, $mode, '', -1);
|
|
|
|
|
|
- $dolibarrdataroot = preg_replace('/([\\/]+)$/i', '', DOL_DATA_ROOT);
|
|
|
- $allowonlineinstall = true;
|
|
|
- $allowfromweb = 1;
|
|
|
- if (dol_is_file($dolibarrdataroot.'/installmodules.lock')) {
|
|
|
- $allowonlineinstall = false;
|
|
|
- }
|
|
|
-
|
|
|
$fullurl = '<a href="'.$urldolibarrmodules.'" target="_blank" rel="noopener noreferrer">'.$urldolibarrmodules.'</a>';
|
|
|
$message = '';
|
|
|
if ($allowonlineinstall) {
|