Controller for installing Elgg. Supports both web-based on CLI installation.
This controller steps the user through the install process. The method for
each step handles both the GET and POST requests. There is no XSS/CSRF protection
on the POST processing since the installer is only run once by the administrator.
The installation process can be resumed by hitting the first page. The installer
will try to figure out where to pick up again.
All the logic for the installation process is in this class, but it depends on
the core libraries. To do this, we selectively load a subset of the core libraries
for the first few steps and then load the entire engine once the database and
site settings are configured. In addition, this controller does its own session
handling until the database is setup.
There is an aborted attempt in the code at creating the data directory for
users as a subdirectory of Elgg's root. The idea was to protect this directory
through a .htaccess file. The problem is that a malicious user can upload a
.htaccess of his own that overrides the protection for his user directory. The
best solution is server level configuration that turns off AllowOverride for the
data directory. See ticket #3453 for discussion on this.