Show a warning in the installer if .htaccess is not working

2 files changed, 13 insertions, 0 deletions

diff --git a/core/templates/installation.php b/core/templates/installation.php
index 426d60989a6..c0b29ea909d 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -26,6 +26,12 @@
 		<span><?php echo $l->t('Without a secure random number generator an attacker may be able to predict password reset tokens and take over your account.');?></span>		
 	</fieldset>
 	<?php endif; ?>
+	<?php if(!$_['htaccessWorking']): ?>
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
+		<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>		
+	</fieldset>
+	<?php endif; ?>
 	<fieldset>
 		<legend><?php echo $l->t( 'Create an <strong>admin account</strong>' ); ?></legend>
 		<p class="infield">
diff --git a/lib/setup.php b/lib/setup.php
index be4101fd7b0..8b9103b7501 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -6,6 +6,12 @@ $hasPostgreSQL = is_callable('pg_connect');
 $hasOracle = is_callable('oci_connect');
 $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
 
+// Test if  .htaccess is working
+$content = "<Directory /data>\n";
+$content.= "Deny from All\n";
+$content.= "</Directory>";
+file_put_contents(OC::$SERVERROOT.'/data/.htaccess', $content);
+
 $opts = array(
 	'hasSQLite' => $hasSQLite,
 	'hasMySQL' => $hasMySQL,
@@ -13,6 +19,7 @@ $opts = array(
 	'hasOracle' => $hasOracle,
 	'directory' => $datadir,
 	'secureRNG' => OC_Util::secureRNG_available(),
+	'htaccessWorking' => OC_Util::ishtaccessworking(),
 	'errors' => array(),
 );