Commit 3c0da100 authored by catch's avatar catch

Issue #1760330 by s.Daniel: Fixed Hide vulnerable drupal install.php sites from search engines.

parent a1bdd974
...@@ -788,6 +788,21 @@ function install_full_redirect_url($install_state) { ...@@ -788,6 +788,21 @@ function install_full_redirect_url($install_state) {
*/ */
function install_display_output($output, $install_state) { function install_display_output($output, $install_state) {
drupal_page_header(); drupal_page_header();
// Prevent install.php from being indexed when installed in a sub folder.
// robots.txt rules are not read if the site is within domain.com/subfolder
// resulting in /subfolder/install.php being found through search engines.
// When settings.php is writeable this can be used via an external database
// leading a malicious user to gain php access to the server.
$noindex_meta_tag = array(
'#tag' => 'meta',
'#attributes' => array(
'name' => 'robots',
'content' => 'noindex, nofollow',
),
);
drupal_add_html_head($noindex_meta_tag, 'install_meta_robots');
// Only show the task list if there is an active task; otherwise, the page // Only show the task list if there is an active task; otherwise, the page
// request has ended before tasks have even been started, so there is nothing // request has ended before tasks have even been started, so there is nothing
// meaningful to show. // meaningful to show.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment