Elxis CMS Forum
Extensions => Components => Topic started by: lex on December 06, 2006, 19:17:55
-
Please, can you create a new installer of components. In mambo 4.6 very nice installer. Can it be used in Elxis?
Installer, used in mambo - http://users.cosmostv.by/lexuni/com_installer.rar (http://users.cosmostv.by/lexuni/com_installer.rar)
-
Welcome Lex,
The installer files you have supplied are from Elxis.
-
sorry :D. I am stupit)))
[old attachment deleted by admin]
-
Hi lex,
Again the files are from Elxis. Are you trying to say something else?
-
nooo, all ok. Look for Attachment.
It's has very usefull thinks: universal installer, uploading file from server to server, and instaling this file.
Can create this functions in delfaut installer?
-
Lex can you attach a screenshot of the installer here, to see how it looks? Just the main screen is enough.
-
ok.
[old attachment deleted by admin]
-
I thought they made something special but (I think) they don't. New Mambo's installer support install from HTTP location, it is fine but they did it with a very old-fashioned way. They also unified the installeres as I see having one installer for all type of extensions. This is very good, but it is not a important improvement.
In Elxis we are closer to a more interactive solution that will include: browsingof the available packages, download and install them. I small idea of this, is the way Updiag tool retreives new scripts.
-
But new version of installer will be avalible not very soon. How can I used install from HTTP location now?
____
Very interesting. :)
-
You can make a tool or component if you are so inpatient, Elxis is open source.
Something that needs our attention:
Install from HTTP location can become a security hole for a site. I want someday to take a closer look of how mambo implemented such a feature. What happens if php restrictions do not allow opening of remote files (this happens in most sites)? Does mambo HTTP installer works if for example allow_url_fopen is OFF? I don't think so, but I have n't looked at it yet...
-
If allow_url_fopen is OFF installer will wont work. But it is problem of user/server)
_____
A have made script for uploading files from HTTP location, but how to create installer I don't now(
-
Yes, but our installer (updiag->download scripts) works even if allow_url_fopen is OFF...
Our download system also works fine with allow_url_fopen=OFF for screenshots in component weblinks and in some other components (ie file server).
It is HIGHLY recommended allow_url_fopen to be OFF for any php script/application not just Elxis.
We have this in the main installation screen as a recommended security option and everything is compliant with this security directive.
An example from the "not so far past":
One of the mambo's past exploits was the pass of a strange gif image in the url inside a global variable that was a php script that was executed. If your server had allow_url_fopen=off your site would nt be vunerable even if mambo was vunerable.