diff -u b/core/includes/install.core.inc b/core/includes/install.core.inc
--- b/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -274,8 +274,9 @@
drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
// The user agent header is used to pass a database prefix in the request when
- // running tests. If prefix is set, ensure that we have a valid token.
- if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE && !drupal_valid_test_ua()) {
+ // running tests. Make sure that a valid test token is accompanied by a
+ // settings.php overriding conf_path().
+ if ($install_state['interactive'] && drupal_valid_test_ua() && !settings()->get('simpletest_conf_path')) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
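Review bot: The rewritten condition on the `if ($install_state['interactive'] && drupal_valid_test_ua() && ...)` line no longer refuses a request whose User-Agent contains "simpletest" but fails `drupal_valid_test_ua()`; the removed line returned 403 for exactly that case. Unless an earlier bootstrap phase already stops such requests (not visible in this hunk), a forged or expired test token is now handled by the installer like any other request. Consider keeping the old guard as a separate check ahead of the new one, e.g. `if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'simpletest') !== FALSE && !drupal_valid_test_ua()) {` with the same 403 body. The comment should then say which case each check covers. The enclosing function starts and ends outside the hunk.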
@@ -1647,7 +1648,7 @@
global $base_url;
drupal_set_title(st('Drupal already installed'));
- return st('
- To start over, you must empty your existing database and delete your active configuration.
- To install to a different database, edit the appropriate settings.php file in the sites folder.
- To locate your active configuration, view the appropriate settings.php file in the sites folder.
- To upgrade an existing installation, proceed to the update script.
- View your existing site.
', array('@base-url' => $base_url));
+ return st('- To start over, you must empty your existing database, delete your active configuration, and copy default.settings.php over settings.php.
- To install to a different database, edit the appropriate settings.php file in the sites folder.
- To locate your active configuration, view the appropriate settings.php file in the sites folder.
- To upgrade an existing installation, proceed to the update script.
- View your existing site.
', array('@base-url' => $base_url));
}
/**
diff -u b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php
--- b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php
@@ -64,26 +64,9 @@
)));
$this->assertNoTitle('Foo');
- // Make sure that we are locked out of the installer when prefixing using
- // the user-agent header and using a 6 second old token. This is an
- // important security check. We can not use
- // \Drupal\simpletest\WebTestBase::drupalGet() since we need to wait after
- // creating the token and before requesting the page.
global $base_url;
- $options = array('external' => TRUE, 'absolute' => TRUE);
- $curl_options = array(
- CURLOPT_HTTPGET => TRUE,
- CURLOPT_URL => url($base_url . '/core/install.php', $options),
- CURLOPT_NOBODY => FALSE,
- CURLOPT_HTTPHEADER => array()
- );
-
- $this->curlInitialize();
- curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options);
- sleep(6);
- curl_exec($this->curlHandle);
- $status = curl_getinfo($this->curlHandle, CURLINFO_HTTP_CODE);
- $this->assertEqual($status, 403, 'Cannot access install.php with a "simpletest" user-agent header after 5 seconds.');
+ $this->drupalGet(url($base_url . '/core/install.php', array('external' => TRUE, 'absolute' => TRUE)));
+ $this->assertResponse(403, 'Cannot access install.php.');
$user = $this->drupalCreateUser();
$this->drupalLogin($user);
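Review bot: The deleted block was the only visible test that install.php refuses an expired test token, and the two added lines do not replace it. `drupalGet()` presumably sends a currently valid token, so only the new valid-token branch of the installer check is exercised. A regression test for a stale or malformed simpletest User-Agent should stay; building the header with an old timestamp, if the token format allows it, would avoid the `sleep(6)`. The new assertion also lost its explanation: add a comment such as `// A valid test token without a simpletest_conf_path override must be refused by the installer.` and make the message name that condition instead of the bare 'Cannot access install.php.'. The test method starts and ends outside the hunk.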