From 9365243f600247d5171bf937090f97fe069c2811 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 22 Jun 2015 15:24:52 -0500
Subject: [PATCH] deploy: Put the MANIFEST in the include/ folder

This allows the MANIFEST to be hidden from HTTP requests since the entire
include/ folder is already denied for Apache.
---
 setup/cli/modules/deploy.php |  4 ++--
 setup/cli/modules/unpack.php | 14 +++++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/setup/cli/modules/deploy.php b/setup/cli/modules/deploy.php
index c5100a6a2..c616e321f 100644
--- a/setup/cli/modules/deploy.php
+++ b/setup/cli/modules/deploy.php
@@ -96,7 +96,7 @@ class Deployment extends Unpacker {
         foreach ($this->manifest as $F=>$H)
             $lines[] = "$H $F";
 
-        return file_put_contents($root.'/.MANIFEST', implode("\n", $lines));
+        return file_put_contents($this->include_path.'/.MANIFEST', implode("\n", $lines));
     }
 
     function hashContents($file) {
@@ -223,7 +223,7 @@ class Deployment extends Unpacker {
         $include = ($upgrade) ? $this->get_include_dir()
             : ($options['include'] ? $options['include']
                 : rtrim($this->destination, '/')."/include");
-        $include = rtrim($include, '/').'/';
+        $this->include_path = $include = rtrim($include, '/').'/';
 
         # Locate the upload folder
         $root = $this->source = $this->find_root_folder();
diff --git a/setup/cli/modules/unpack.php b/setup/cli/modules/unpack.php
index 52777b307..cc4b9d9d9 100644
--- a/setup/cli/modules/unpack.php
+++ b/setup/cli/modules/unpack.php
@@ -97,7 +97,7 @@ class Unpacker extends Module {
             return @$this->manifest[$file] ?: null;
 
         $this->manifest = $lines = array();
-        $path = $this->destination . '/.MANIFEST';
+        $path = $this->get_include_dir() . '/.MANIFEST';
         if (!is_file($path))
             return null;
 
@@ -194,7 +194,15 @@ class Unpacker extends Module {
     }
 
     function get_include_dir() {
+        static $location;
+
+        if (isset($location))
+            return $location;
+
         $bootstrap_php = $this->destination . '/bootstrap.php';
+        if (!is_file($bootstrap_php))
+            return @$this->include_path ?: '';
+
         $lines = preg_grep("/define\s*\(\s*'INCLUDE_DIR'/",
             explode("\n", file_get_contents($bootstrap_php)));
 
@@ -203,9 +211,9 @@ class Unpacker extends Module {
         if (!defined('ROOT_DIR'))
             define('ROOT_DIR', rtrim($this->destination, '/').'/');
         foreach ($lines as $line)
-            eval($line);
+            @eval($line);
 
-        return rtrim(INCLUDE_DIR, '/').'/';
+        return $location = rtrim(INCLUDE_DIR, '/').'/';
     }
 
     function run($args, $options) {
-- 
GitLab