From db719f1d0ddb8bea5b224576ca237a1b2d393630 Mon Sep 17 00:00:00 2001
From: Nils VAN ZUIJLEN <nils.van-zuijlen@mailo.com>
Date: Thu, 8 Apr 2021 15:04:33 +0200
Subject: [PATCH 1/2] Only allow $app and www-data to read $final_path folder

---
 scripts/install | 5 ++++-
 scripts/restore | 3 +++
 scripts/upgrade | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/scripts/install b/scripts/install
index 3e72ba4..f42c748 100755
--- a/scripts/install
+++ b/scripts/install
@@ -247,8 +247,11 @@ ynh_store_file_checksum --file="$final_path/.htaccess"
 # Set permissions to app files
 chown -R root: $final_path
 
+chmod o-rwx $final_path
+chown $app:www-data $final_path
+
 # Remove database initialization file
-#rm $final_path/qa-include/qa-install.php
+rm $final_path/qa-include/qa-install.php
 
 #=================================================
 # SETUP SSOWAT
diff --git a/scripts/restore b/scripts/restore
index a24e6f6..38593d2 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -75,6 +75,9 @@ ynh_system_user_create --username=$app
 # Restore permissions on app files
 chown -R root: $final_path
 
+chmod o-rwx $final_path
+chown $app:www-data $final_path
+
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 75b78a8..cab6cc1 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -153,6 +153,9 @@ fi
 # Set permissions on app files
 chown -R root: $final_path
 
+chmod o-rwx $final_path
+chown $app:www-data $final_path
+
 #=================================================
 # RELOAD NGINX
 #=================================================

From e8914c833c204912a18dbd7c3405b1d73249d2cb Mon Sep 17 00:00:00 2001
From: Nils VAN ZUIJLEN <nils.van-zuijlen@mailo.com>
Date: Thu, 8 Apr 2021 15:11:19 +0200
Subject: [PATCH 2/2] Prepare for new version

---
 check_process | 4 ++--
 manifest.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/check_process b/check_process
index ddd27a7..ff7cb01 100644
--- a/check_process
+++ b/check_process
@@ -15,11 +15,11 @@
 		setup_private=1
 		setup_public=1
 		upgrade=1
-		upgrade=1	from_commit=928272bb6c3f68173d1f1fe8b11e48e3464c730e
+		upgrade=1	from_commit=38c46ddf46c1d42fe4184924cfcfc890fa3014d4
 		backup_restore=1
 		multi_instance=1
 		port_already_use=0
 		change_url=1
 ;;; Upgrade options
-	; commit=928272bb6c3f68173d1f1fe8b11e48e3464c730e
+	; commit=38c46ddf46c1d42fe4184924cfcfc890fa3014d4
 		manifest_arg=domain=DOMAIN&path=PATH&language=fr&is_public=1&q2a_name=ATestQ2ASite&admin=USER&password=password&
diff --git a/manifest.json b/manifest.json
index bf873be..a153859 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Platform for Question&Answer sites.",
         "fr": "Plateforme de Question/Réponses."
     },
-    "version": "1.8.5~ynh2",
+    "version": "1.8.5~ynh3",
     "url": "https://www.question2answer.org/",
     "license": "GPL-2.0-or-later",
     "maintainer": {