Remove default for enigma_pgp_homedir (#6173)

To make the default installation more secure force users to set the folder.
Added notes that it should be secured or not accessible from the web browser.

plugins/enigma/README

@@ -10,9 +10,7 @@ is for users that trust the server.
 
 For multi-host environments see enigma_multihost setting description.
 
-
 Implemented features:
----------------------
 + PGP: signatures verification
 + PGP: messages decryption
 + PGP: Sending of encrypted/signed messages
@@ -24,8 +22,19 @@ Implemented features:
 + Key server(s) support (search, import)
 
 
-TODO:
------
+INSTALLATION
+------------
+
+1. Rename config.inc.php.dist to config.inc.php.
+2. Create a directory for keys storage that is writeable for the PHP process.
+   This directory should be out of the document root, so it is not accessible
+   from the web browser. Set it's location in $config['enigma_pgp_homedir'].
+3. Make sure GnuPG is installed.
+
+
+TODO
+----
+
 - Handling of big messages with temp files (? - security)
 - Key info in contact details page (optional)
 - Extended key management:
@@ -50,8 +59,9 @@ TODO:
 - S/MIME: Certificate info in Contacts details page (optional)
 
 
-KNOWN ISSUES:
--------------
+KNOWN ISSUES
+------------
+
 There are some known issues with accepting key passphrases on various
 system configurations. This is caused by issues in PinEntry handling.
 Make sure that vendor/bin/crypt-gpg-pinentry works from command line.

plugins/enigma/config.inc.php.dist

@@ -12,8 +12,8 @@ $config['enigma_smime_driver'] = 'phpssl';
 // Enables logging of enigma operations (including Crypt_GPG debug info)
 $config['enigma_debug'] = false;
 
-// Keys directory for all users. Default 'enigma/home'.
-// Must be writeable by PHP process
+// REQUIRED! Keys directory for all users.
+// Must be writeable by PHP process, and not in the web server document root
 $config['enigma_pgp_homedir'] = null;
 
 // Location of gpg binary. By default it will be auto-detected.

plugins/enigma/home/.htaccess

@@ -1,7 +0,0 @@
-# deny webserver access to this directory
-<ifModule mod_authz_core.c>
-    Require all denied
-</ifModule>
-<ifModule !mod_authz_core.c>
-    Deny from all
-</ifModule>

plugins/enigma/lib/enigma_driver_gnupg.php

@@ -42,7 +42,7 @@ class enigma_driver_gnupg extends enigma_driver
      */
     function init()
     {
-        $homedir = $this->rc->config->get('enigma_pgp_homedir', INSTALL_PATH . 'plugins/enigma/home');
+        $homedir = $this->rc->config->get('enigma_pgp_homedir');
         $debug   = $this->rc->config->get('enigma_debug');
         $binary  = $this->rc->config->get('enigma_pgp_binary');
         $agent   = $this->rc->config->get('enigma_pgp_agent');