SA-CORE-2019-009 by mcdruid, larowlan, Heine, alexpott, xjm, DamienMcKenna, dsnopek, catch, greggles

2019-12-18 20:33:37 +10:00 · 2019-12-18 20:33:37 +10:00 · 7ae15f9c3d
parent f2b59e3ae8
commit 7ae15f9c3d
5 changed files with 59 additions and 3 deletions
--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@ -425,10 +425,9 @@ function install_begin_request($class_loader, &$install_state) {
  }
  $GLOBALS['conf']['container_service_providers']['InstallerConfigOverride'] = 'Drupal\Core\Installer\ConfigOverride';

-  // Only allow dumping the container once the hash salt has been created. Note,
-  // InstallerKernel::createFromRequest() is not used because Settings is
+  // Note, InstallerKernel::createFromRequest() is not used because Settings is
  // already initialized.
-  $kernel = new InstallerKernel($environment, $class_loader, (bool) Settings::get('hash_salt', FALSE));
+  $kernel = new InstallerKernel($environment, $class_loader, FALSE);
  $kernel::bootEnvironment();
  $kernel->setSitePath($site_path);
  $kernel->boot();
--- a/core/lib/Drupal/Core/Installer/InstallerKernel.php
+++ b/core/lib/Drupal/Core/Installer/InstallerKernel.php
@ -15,6 +15,8 @@ class InstallerKernel extends DrupalKernel {
  protected function initializeContainer() {
    // Always force a container rebuild.
    $this->containerNeedsRebuild = TRUE;
+    // Ensure the InstallerKernel's container is not dumped.
+    $this->allowDumping = FALSE;
    $container = parent::initializeContainer();
    return $container;
  }
--- a/core/modules/system/tests/modules/system_test/src/Controller/SystemTestController.php
+++ b/core/modules/system/tests/modules/system_test/src/Controller/SystemTestController.php
@ -406,4 +406,12 @@ class SystemTestController extends ControllerBase implements TrustedCallbackInte
    return ['preRenderCacheTags'];
  }

+  /**
+   * Use a plain Symfony response object to output the current install_profile.
+   */
+  public function getInstallProfile() {
+    $install_profile = \Drupal::installProfile() ?: 'NONE';
+    return new Response('install_profile: ' . $install_profile);
+  }
+
 }
--- a/core/modules/system/tests/modules/system_test/system_test.routing.yml
+++ b/core/modules/system/tests/modules/system_test/system_test.routing.yml
@ -204,3 +204,10 @@ system_test.custom_cache_control:
    _controller: '\Drupal\system_test\Controller\SystemTestController::getCacheableResponseWithCustomCacheControl'
  requirements:
    _access: 'TRUE'
+
+system_test.install_profile:
+  path: '/system-test/get-install-profile'
+  defaults:
+    _controller: '\Drupal\system_test\Controller\SystemTestController::getInstallProfile'
+  requirements:
+    _access: 'TRUE'
--- a/core/tests/Drupal/FunctionalTests/Installer/InstallerPostInstallTest.php
+++ b/core/tests/Drupal/FunctionalTests/Installer/InstallerPostInstallTest.php
@ -0,0 +1,40 @@
+<?php
+
+namespace Drupal\FunctionalTests\Installer;
+
+/**
+ * Tests re-visiting the installer after a successful installation.
+ *
+ * @group Installer
+ */
+class InstallerPostInstallTest extends InstallerTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected $profile = 'minimal';
+
+  /**
+   * {@inheritdoc}
+   */
+  protected $defaultTheme = 'stark';
+
+  /**
+   * Confirms that visiting the installer does not break things post-install.
+   */
+  public function testVisitInstallerPostInstall() {
+    \Drupal::service('module_installer')->install(['system_test']);
+    // Clear caches to ensure that system_test's routes are available.
+    $this->resetAll();
+    // Confirm that the install_profile is correct.
+    $this->drupalGet('/system-test/get-install-profile');
+    $this->assertText('minimal');
+    // Make an anonymous visit to the installer
+    $this->drupalLogout();
+    $this->visitInstaller();
+    // Ensure that the install profile is still correct.
+    $this->drupalGet('/system-test/get-install-profile');
+    $this->assertText('minimal');
+  }
+
+}