diff -r 2f530ad04f1b -r ccad6026a168 install.php --- a/install.php Tue Jun 19 18:41:10 2007 -0400 +++ b/install.php Thu Jun 21 12:00:16 2007 -0400 @@ -12,7 +12,7 @@ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. */ -//@include('config.php'); +@include('config.php'); if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode']))) { $_GET['title'] = 'Enano:WhoCaresWhatThisIs'; require('includes/common.php'); @@ -168,6 +168,61 @@ mysql_close($conn); die('good'); break; + case 'pophelp': + $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid'; + switch($topic) + { + case 'admin_embed_php': + $title = 'Allow administrators to embed PHP'; + $content = '
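Review bot: In the first hunk, `@include('config.php');` silences every failure of the include, yet the install lock in the `if` that follows depends entirely on that file defining `ENANO_INSTALLED` or `MIDGET_INSTALLED`. If config.php exists but cannot be read or resolved (permissions, a different working directory or include_path), the guard is presumably skipped without a trace, leaving the installer reachable on a site that is already set up. Consider testing for the file and including it by absolute path without suppression, e.g. `if ( file_exists(dirname(__FILE__) . '/config.php') ) include(dirname(__FILE__) . '/config.php');`, so a missing file is still tolerated but a broken one is reported. The `if` block continues outside the hunk, so whether later install stages re-check the installed state is not visible here.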

This option allows you to control whether anything between the standard <?php and ?> tags will be treated as + PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will + execute that code when the page is loaded. There are obvious potential security implications here, which should + be carefully considered before enabling this option.

+

If you are the only administrator of this site, or if you have a high level of trust for those will be administering + the site with you, you should enable this to allow extreme customization of pages.

+

Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding + is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to + embed Javascript and arbitrary HTML and CSS.

+

If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time + using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection, or by + using the "embedded PHP kill switch" in the administration panel.

'; + break; + default: + $title = 'Invalid topic'; + $content = 'Invalid help topic.'; + break; + } + echo << + + + Enano installation quick help • {$title} + + + + +

{$title}

+ {$content} +

+ Close window +

+ + +EOF; + exit; + break; default: break; } @@ -717,6 +772,21 @@ Administration password:Good/bad icon Enter it again to confirm: Your e-mail address:Good/bad icon + + + Allow administrative embedding of PHP:
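Review bot: The heredoc in the new `pophelp` case prints `{$title}` and `{$content}` without escaping, which is safe only because both are assigned from string literals in the inner `switch` and `$_GET['topic']` is used purely as a selector. That invariant deserves a comment above the `echo`, for example `// $title and $content are fixed strings chosen by the switch above; never interpolate $topic or other request data here without htmlspecialchars()`, so that a later help topic does not introduce reflected XSS into the installer. Two smaller points: the `break;` after `exit;` is unreachable and can be dropped, and the help text reads "those will be administering", which should be "those who will be administering".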
+ Do not under any circumstances enable this option without reading these + important security implications. + + + +    + + + + If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.