fix: hardened the setup

Author: thorsten

phpmyfaq/src/phpMyFAQ/Controller/Frontend/SetupController.php

@@ -44,6 +44,11 @@ final class SetupController
     public function index(Request $request): Response
     {
         $system = new System();
+
+        if (!$system->checkInstallation()) {
+            return new Response('phpMyFAQ is already installed.', Response::HTTP_FORBIDDEN);
+        }
+
         $installer = new Installer($system);
 
         $checkBasicError = '';
@@ -84,6 +89,11 @@ public function index(Request $request): Response
     public function install(): Response
     {
         $system = new System();
+
+        if (!$system->checkInstallation()) {
+            return new Response('phpMyFAQ is already installed.', Response::HTTP_FORBIDDEN);
+        }
+
         $installer = new Installer($system);
 
         $installationError = '';

phpmyfaq/src/phpMyFAQ/Setup/Installer.php

@@ -732,6 +732,11 @@ public function checkInitialRewriteBasePath(Request $request): bool
      */
     public function startInstall(?array $setup = null): void
     {
+        $rootDir = $setup['rootDir'] ?? PMF_ROOT_DIR;
+        if (is_file($rootDir . '/content/core/config/database.php')) {
+            throw new Exception('phpMyFAQ is already installed. Please use the update.');
+        }
+
         $ldapSetup = [];
         $query = [];
         $uninstall = [];

tests/bootstrap.php

@@ -74,9 +74,10 @@
 $loader->register();
 
 //
-// Delete a possible SQLite file first
+// Delete possible leftover files from previous test runs
 //
 @unlink(PMF_TEST_DIR . '/test.db');
+@unlink(PMF_TEST_DIR . '/content/core/config/database.php');
 
 //
 // Create database credentials for SQLite