ClearOS Bug Tracker


ID: 0001855
Project: ClearOS
Category: app-webapp - Web App Engine
View Status: public
Date Submitted: 2014-07-13 17:03
Last Update: 2014-07-14 08:56
Reporter: marclaporte
Assigned To:
Priority: low
Severity: feature
Reproducibility: N/A
Status: acknowledged
Resolution: open
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0001855: How to deal with PHP apps which can be updated via the web interface by the admin user?

Description: Some web apps like WordPress, Joomla! and Piwik can be updated by the site admin via the web interface. In the case of WordPress and Joomla!, you can also update extensions via the web interface (I don't know about Piwik).

For this to work:
* In some cases, the PHP user must be able to write files.
* In other cases, the user enters the FTP password and PHP uses this to write to itself.
These 2 cases have security implications.

A counterexample is Tiki. Tiki does not attempt to update itself via the web interface and relies on an external process (FTP or SVN), a 1-click installer (like what we have in ClearOS) or TIM (Tiki Instance Manager, a command line tool).

ClearOS will eventually handle upgrades. One thing to think about is what happens if ClearOS does the install, but then, the application is updated on its own. How to avoid issues? How to deal with the diversity?

Thanks!
Tags: No tags attached.

-  Notes
(0001234)
user2
2014-07-14 08:56

This will be handled on an app-by-app basis since it's wild west when it comes to upgrades for web-based applications. For the same wild west reasons, we can't really use standard packaging (RPM, debs) to deliver updates. It feels like we're stepping back in time into the old Windows era where every piece of software (Java, Adobe PDF, Firefox) has its own different upgrade tool. It would be nice to be able to use a central repository for this, but doing:

  yum upgrade wordpress

... is not practical. When a user initializes Tiki, WordPress, etc. on ClearOS, the upstream zip is unpacked into a web document root. From that point, it's up to the web application to provide an upgrade tool.

- Issue History
Date Modified Username Field Change
2014-07-13 17:03 marclaporte New Issue
2014-07-14 08:45 user2 Status new => acknowledged
2014-07-14 08:56 user2 Note Added: 0001234