installer

[lex]

Please, can you create a new installer of components. In mambo 4.6 very nice installer. Can it be used in Elxis?
Installer, used in mambo - http://users.cosmostv.by/lexuni/com_installer.rar

[eliasan]

Welcome Lex,

The installer files you have supplied are from Elxis.

[lex]

sorry  . I am stupit)))



[old attachment deleted by admin]

[eliasan]

Hi lex,

Again the files are from Elxis. Are you trying to say something else?

[lex]

nooo, all ok. Look for Attachment.
It's has very usefull thinks: universal installer, uploading file from server to server, and instaling this file.
Can create this functions in delfaut installer?

[datahell]

Lex can you attach a screenshot of the installer here, to see how it looks? Just the main screen is enough.

[lex]

ok.


[old attachment deleted by admin]

[datahell]

I thought they made something special but (I think) they don't. New Mambo's installer support install from HTTP location, it is fine but they did it with a very old-fashioned way. They also unified the installeres as I see having one installer for all type of extensions. This is very good, but it is not a important improvement.

In Elxis we are closer to a more interactive solution that will include: browsingof  the available packages, download and install them. I small idea of this, is the way Updiag tool retreives new scripts.

[lex]

But new version of installer will be avalible not very soon. How can I used install from HTTP location now?
____
Very interesting. 

[datahell]

You can make a tool or component if you are so inpatient, Elxis is open source.

Something that needs our attention:
Install from HTTP location can become a security hole for a site. I want someday to take a closer look of how mambo implemented such a feature. What happens if php restrictions do not allow opening of remote files (this happens in most sites)? Does mambo HTTP installer works if for example allow_url_fopen is OFF? I don't think so, but I have n't looked at it yet...

[lex]

If allow_url_fopen is OFF installer will wont work. But it is problem of user/server)
_____
A have made script for uploading files from HTTP location, but how to create installer I don't now(

[datahell]

Yes, but our installer (updiag->download scripts) works even if allow_url_fopen is OFF...
Our download system also works fine with allow_url_fopen=OFF for screenshots in component weblinks and in some other components (ie file server).

It is HIGHLY recommended allow_url_fopen to be OFF for any php script/application not just Elxis.
We have this in the main installation screen as a recommended security option and everything is compliant with this security directive.

An example from the "not so far past":
One of the mambo's past exploits was the pass of a strange gif image in the url inside a global variable that was a php script that was executed. If your server had allow_url_fopen=off your site would nt be vunerable even if mambo was vunerable.