diff --git a/module_index.json b/module_index.json
index b90b600..f5c968b 100755
--- a/module_index.json
+++ b/module_index.json
@@ -75,7 +75,7 @@
"version": "0.1",
"author": "Starbeamrainbowlabs",
"description": "Displays a special page to aid in setting up a new wiki for the first time.",
- "lastupdate": 1557582295,
+ "lastupdate": 1557611407,
"optional": false,
"extra_data": []
},
@@ -205,7 +205,7 @@
"version": "0.10",
"author": "Starbeamrainbowlabs",
"description": "Adds an action to allow administrators to delete pages.",
- "lastupdate": 1501009581,
+ "lastupdate": 1557585339,
"optional": false,
"extra_data": []
},
diff --git a/modules/feature-firstrun.php b/modules/feature-firstrun.php
index 72a075b..5a8f70a 100644
--- a/modules/feature-firstrun.php
+++ b/modules/feature-firstrun.php
@@ -7,8 +7,15 @@ register_module([
"description" => "Displays a special page to aid in setting up a new wiki for the first time.",
"id" => "feature-firstrun",
"code" => function() {
+ global $settings, $env;
+
// NOTE: We auto-detect pre-existing wikis in 01-settings.fragment.php
+ if(!$settings->firstrun_complete && preg_match("/^firstrun/", $env->action) !== 1) {
+ http_response_code(307);
+ header("location: ?action=firstrun");
+ exit("Redirecting you to the first-run wizard....");
+ }
/**
* @api {get} ?action=firstrun Display the firstrun page
@@ -39,15 +46,21 @@ register_module([
You can still complete the setup manually, however! Once done, set firstrun_complete in peppermint.json to true.
"));
}
- $request_url = full_url();
- $request_url = preg_replace("/\/(index.php)?\?.*$/", "/peppermint.json");
- file_get_contents($request_url);
- $response_code = intval(explode(" ", $http_response_header[0])[1]);
- if($response_code >= 200 || $response_code < 300) {
- file_put_contents("$settingsFilename.compromised", "compromised");
- http_response_code(307);
- header("location: index.php");
- exit();
+ if(!$settings->disable_peppermint_access_check &&
+ php_sapi_name() !== "cli-server") { // The CLI server is single threaded, so it can't support loopback requests
+ $request_url = full_url();
+ $request_url = preg_replace("/\/(index.php)?\?.*$/", "/peppermint.json", $request_url);
+ file_get_contents($request_url);
+ $response_code = intval(explode(" ", $http_response_header[0])[1]);
+ if($response_code >= 200 || $response_code < 300) {
+ file_put_contents("$settingsFilename.compromised", "compromised");
+ http_response_code(307);
+ header("location: index.php");
+ exit();
+ }
+ }
+ else {
+ error_log("Warning: The public peppermint.json access check has been disabled (either manually or because you're using a local PHP development server with php -S ....). It's strongly recommended you ensure that access from outside is blocked to peppermint.json to avoid (many) security issues and other nastiness such as stealing of site secrets and password hashes.");
}
// TODO: Check the environment here first
@@ -78,10 +91,10 @@ register_module([