fbpx

Flat 25% off on  Everything

USE CODE: VALENTIN20
0Days
0Hours
0Minutes
0Seconds
Welcome, Guest
Username: Password: Remember me

TOPIC: Installer Weirdness

Installer Weirdness 10 months 3 weeks ago #12913

  • kevinmo
  • kevinmo's Avatar
  • Offline
  • Senior Member
  • Posts: 45
  • Thank you received: 3
  • Karma: 0
I setup the template installer for JD Guerrilla to see how things were laid out and noticed some weirdness going on and not sure why? There is a folder and two files that are in the root directory that I have never seen before and wondering why they are there and what are the potential security issues for someone that might be using this to build a live site from?

The directory is a folder called "template" (not to be confused with "templates" which is supposed to be there). In this folder are all the files for the template that are also in the templates folder and the templateDetails.xml show this to be the case. So what gives with this being in the root directory where it is not being used?

Second is after the install and the install directory is removed there are two files left over from what I can only assume is part of the install, even though it is not the proper location for these files.

installer.script.php
installer.xml

The first of the above is the post flight file whIch I guess is used for install of the package? The second however is not even for the Guerrilla template and instead the description says it is for JD Consult but it does reference the installer script file which is concerning. So again what gives with these files? For me its not a big deal but what about someone that does not really know what they are doing and these are left there and while trying to access these files does return a resticted aceess (note the bad spelling) message, but the fact that they are there one has to ask what the potential a bad actor might be able to do with these on a server that is poorly configured?
The administrator has disabled public write access.

Installer Weirdness 10 months 3 weeks ago #12916

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 3262
  • Thank you received: 481
  • Karma: 86
Kevin,

It could be that the test files weren't cleaned up while the installer was being packaged.

The structure you are describing is of a standard template folder. Are you positive you didn't extracted the template into the quickstart folder manually (un-intentionally of-course). we will investigate things on our end too.

Either way, you can delete the installer (xml and php) and the template folder as it shouldn't effect operations at all.

Thanks,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.
Moderators: chandandeep
Time to create page: 0.277 seconds