Revision 1885
Added by Luisehahne almost 12 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
=============================================================================== |
13 | 13 |
|
14 |
11 Mar-2013 Build 1885 Dietmar Woellbrink (Luisehahne) |
|
15 |
# protect magic setter to fix security issue in WbDatabase |
|
16 |
+ additional arguments for Charset and TablePrefix in WbDatabase::doConnect |
|
17 |
+ WbDatabase now can activate SET NAMES by doConnect argument |
|
18 |
+ WbDatabase now provide TablePrefix property also (WbDatabase::TablePrefix) |
|
19 |
+ initialize.php now also support Charset and TablePrefix settings from setup.ini.php |
|
20 |
! in setup.ini.php some keys are renamed (WB_URL => AppUrl and ADMIN_DIRECTORY => AcpDir) |
|
14 | 21 |
10 Mar-2013 Build 1884 Dietmar Woellbrink (Luisehahne) |
15 | 22 |
! from security reasons the new installation has changed |
16 | 23 |
from the old config.php into new setup.ini.php without |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1884');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1885');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/framework/WbDatabase.php | ||
---|---|---|
32 | 32 |
*/ |
33 | 33 |
|
34 | 34 |
/* -------------------------------------------------------- */ |
35 |
define('DATABASE_CLASS_LOADED', true); |
|
35 |
@define('DATABASE_CLASS_LOADED', true);
|
|
36 | 36 |
|
37 | 37 |
class WbDatabase { |
38 | 38 |
|
39 | 39 |
private static $_oInstances = array(); |
40 | 40 |
|
41 |
private $_db_handle = null; // readonly from outside |
|
42 |
private $_db_name = ''; |
|
43 |
private $connected = false; |
|
44 |
private $error = ''; |
|
45 |
private $error_type = ''; |
|
46 |
private $iQueryCount= 0; |
|
41 |
private $_db_handle = null; // readonly from outside |
|
42 |
private $_db_name = ''; |
|
43 |
protected $sTablePrefix = ''; |
|
44 |
protected $sCharset = 'utf8'; |
|
45 |
protected $connected = false; |
|
46 |
protected $error = ''; |
|
47 |
protected $error_type = ''; |
|
48 |
protected $iQueryCount = 0; |
|
47 | 49 |
|
48 | 50 |
/* prevent from public instancing */ |
49 | 51 |
protected function __construct() {} |
... | ... | |
81 | 83 |
* Example for SQL-Url: 'mysql://user:password@demo.de[:3306]/datenbank' |
82 | 84 |
*/ |
83 | 85 |
public function doConnect($url = '') { |
86 |
$this->connected = false; |
|
84 | 87 |
if($url != '') { |
85 | 88 |
$aIni = parse_url($url); |
86 | 89 |
|
... | ... | |
91 | 94 |
$hostport = isset($aIni['port']) ? $aIni['port'] : '3306'; |
92 | 95 |
$hostport = $hostport == '3306' ? '' : ':'.$hostport; |
93 | 96 |
$db_name = ltrim(isset($aIni['path']) ? $aIni['path'] : '', '/\\'); |
97 |
$sTmp = isset($aIni['query']) ? $aIni['query'] : ''; |
|
98 |
$aQuery = explode('&', $sTmp); |
|
99 |
foreach($aQuery as $sArgument) { |
|
100 |
$aArg = explode('=', $sArgument); |
|
101 |
switch(strtolower($aArg[0])) { |
|
102 |
case 'charset': |
|
103 |
$this->sCharset = strtolower(preg_replace('/[^a-z0-9]/i', '', $aArg[1])); |
|
104 |
break; |
|
105 |
case 'tableprefix': |
|
106 |
$this->sTablePrefix = $aArg[1]; |
|
107 |
break; |
|
108 |
default: |
|
109 |
break; |
|
110 |
} |
|
111 |
} |
|
94 | 112 |
$this->_db_name = $db_name; |
95 | 113 |
}else { |
96 |
throw new RuntimeException('Missing parameter: unable to connect database');
|
|
114 |
throw new WbDatabaseException('Missing parameter: unable to connect database');
|
|
97 | 115 |
} |
98 |
$this->_db_handle = mysql_connect($hostname.$hostport, |
|
116 |
$this->_db_handle = @mysql_connect($hostname.$hostport,
|
|
99 | 117 |
$username, |
100 | 118 |
$password); |
101 | 119 |
if(!$this->_db_handle) { |
102 |
throw new RuntimeException('unable to connect \''.$scheme.'://'.
|
|
120 |
throw new WbDatabaseException('unable to connect \''.$scheme.'://'.
|
|
103 | 121 |
$hostname.$hostport.'\''); |
104 | 122 |
} else { |
105 |
if(!mysql_select_db($db_name)) { |
|
106 |
throw new RuntimeException('unable to select database \''.$db_name.
|
|
123 |
if(!@mysql_select_db($db_name)) {
|
|
124 |
throw new WbDatabaseException('unable to select database \''.$db_name.
|
|
107 | 125 |
'\' on \''.$scheme.'://'. |
108 | 126 |
$hostname.$hostport.'\''); |
109 | 127 |
} else { |
128 |
if($this->sCharset) { |
|
129 |
@mysql_query('SET NAMES \''.$this->sCharset.'\''); |
|
130 |
} |
|
110 | 131 |
$this->connected = true; |
111 | 132 |
} |
112 | 133 |
} |
... | ... | |
170 | 191 |
public function get_error() { |
171 | 192 |
return $this->error; |
172 | 193 |
} |
173 |
|
|
174 |
// Return escape_string |
|
175 | 194 |
/** |
176 |
* escape a string for use in DB |
|
177 |
* @param string |
|
178 |
* @return string |
|
195 |
* Protect class from property injections |
|
196 |
* @param string name of property |
|
197 |
* @param mixed value |
|
198 |
* @throws WbDatabaseException |
|
179 | 199 |
*/ |
180 |
public function escapeString($string) {
|
|
181 |
return mysql_real_escape_string($string, $this->_db_handle);
|
|
200 |
public function __set($name, $value) {
|
|
201 |
throw new WbDatabaseException('tried to set a readonly or nonexisting property ['.$name.']!! ');
|
|
182 | 202 |
} |
183 |
|
|
184 | 203 |
/** |
185 | 204 |
* default Getter for some properties |
186 | 205 |
* @param string name of the Property |
... | ... | |
195 | 214 |
$retval = $this->_db_handle; |
196 | 215 |
break; |
197 | 216 |
case 'LastInsertId': |
217 |
case 'getLastInsertId': |
|
198 | 218 |
$retval = mysql_insert_id($this->_db_handle); |
199 | 219 |
break; |
200 | 220 |
case 'db_name': |
... | ... | |
202 | 222 |
case 'getDbName': |
203 | 223 |
$retval = $this->_db_name; |
204 | 224 |
break; |
225 |
case 'TablePrefix': |
|
226 |
case 'getTablePrefix': |
|
227 |
$retval = $this->sTablePrefix; |
|
228 |
break; |
|
205 | 229 |
case 'getQueryCount': |
206 | 230 |
$retval = $this->iQueryCount; |
207 | 231 |
break; |
... | ... | |
211 | 235 |
endswitch; |
212 | 236 |
return $retval; |
213 | 237 |
} // __get() |
214 |
|
|
238 |
/** |
|
239 |
* Escapes special characters in a string for use in an SQL statement |
|
240 |
* @param string $unescaped_string |
|
241 |
* @return string |
|
242 |
*/ |
|
243 |
public function escapeString($unescaped_string) |
|
244 |
{ |
|
245 |
return mysql_real_escape_string($unescaped_string, $this->_db_handle); |
|
246 |
} |
|
247 |
/** |
|
248 |
* Last inserted Id |
|
249 |
* @return bool|int false on error, 0 if no record inserted |
|
250 |
*/ |
|
251 |
public function getLastInsertId() |
|
252 |
{ |
|
253 |
return mysql_insert_id($this->_db_handle); |
|
254 |
} |
|
215 | 255 |
/* |
216 | 256 |
* @param string full name of the table (incl. TABLE_PREFIX) |
217 | 257 |
* @param string name of the field to seek for |
... | ... | |
223 | 263 |
$query = $this->query($sql, $this->_db_handle); |
224 | 264 |
return ($query->numRows() != 0); |
225 | 265 |
} |
226 |
|
|
227 | 266 |
/* |
228 | 267 |
* @param string full name of the table (incl. TABLE_PREFIX) |
229 | 268 |
* @param string name of the index to seek for |
... | ... | |
322 | 361 |
public function index_add($table_name, $index_name, $field_list, $index_type = 'KEY') |
323 | 362 |
{ |
324 | 363 |
$retval = false; |
325 |
$field_list = str_replace(' ', '', $field_list); |
|
326 |
$field_list = explode(',', $field_list); |
|
364 |
$field_list = explode(',', (str_replace(' ', '', $field_list))); |
|
327 | 365 |
$number_fields = sizeof($field_list); |
328 | 366 |
$field_list = '`'.implode('`,`', $field_list).'`'; |
329 | 367 |
$index_name = $index_type == 'PRIMARY' ? $index_type : $index_name; |
... | ... | |
421 | 459 |
|
422 | 460 |
|
423 | 461 |
} /// end of class database |
462 |
// //////////////////////////////////////////////////////////////////////////////////// // |
|
463 |
/** |
|
464 |
* WbDatabaseException |
|
465 |
* |
|
466 |
* @category Core |
|
467 |
* @package Core_database |
|
468 |
* @author Werner v.d.Decken <wkl@isteam.de> |
|
469 |
* @copyright Werner v.d.Decken <wkl@isteam.de> |
|
470 |
* @license http://www.gnu.org/licenses/gpl.html GPL License |
|
471 |
* @version 2.9.0 |
|
472 |
* @revision $Revision$ |
|
473 |
* @lastmodified $Date$ |
|
474 |
* @description Exceptionhandler for the WbDatabase and depending classes |
|
475 |
*/ |
|
476 |
class WbDatabaseException extends AppException {} |
|
424 | 477 |
|
425 | 478 |
define('MYSQL_SEEK_FIRST', 0); |
426 | 479 |
define('MYSQL_SEEK_LAST', -1); |
... | ... | |
469 | 522 |
} |
470 | 523 |
|
471 | 524 |
} |
472 |
|
|
525 |
// //////////////////////////////////////////////////////////////////////////////////// // |
|
473 | 526 |
/* this function is placed inside this file temporarely until a better place is found */ |
474 | 527 |
/* function to update a var/value-pair(s) in table **************************** |
475 | 528 |
* nonexisting keys are inserted |
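Review bot: The TablePrefix value parsed from the connection URL in doConnect (new line 106) is stored unfiltered in `$this->sTablePrefix`, while the Charset value two cases above is reduced to `[a-z0-9]`; since the prefix presumably ends up inside table names in later queries, it deserves the same allowlist, and `$aArg[1]` is read without checking that `explode('=', …)` produced two parts. I would add `$sVal = isset($aArg[1]) ? $aArg[1] : '';` before the switch and use `$this->sTablePrefix = preg_replace('/[^a-z0-9_]/i', '', $sVal);` in the tableprefix case. Separately, `@mysql_query('SET NAMES …')` (new line 129) changes the charset on the server side only, whereas `escapeString()` relies on `mysql_real_escape_string`, which uses the charset known to the client library; `mysql_set_charset($this->sCharset, $this->_db_handle)` keeps the two in step, and its return value should not be discarded silently. doConnect continues past the end of this hunk.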
branches/2.8.x/wb/framework/initialize.php | ||
---|---|---|
114 | 114 |
if(is_readable($sSetupFile)) { |
115 | 115 |
$aCfg = parse_ini_file($sSetupFile, true); |
116 | 116 |
foreach($aCfg['Constants'] as $key=>$value) { |
117 |
if($key == 'debug') { $value = filter_var($value, FILTER_VALIDATE_BOOLEAN); } |
|
118 |
if(!defined(strtoupper($key))) { define(strtoupper($key), $value); } |
|
117 |
switch($key): |
|
118 |
case 'DEBUG': |
|
119 |
$value = filter_var($value, FILTER_VALIDATE_BOOLEAN); |
|
120 |
break; |
|
121 |
case 'WB_URL': |
|
122 |
case 'AppUrl': |
|
123 |
$value = trim(str_replace('\\', '/', $value), '/'); |
|
124 |
if(!defined('WB_URL')) { define('WB_URL', $value); } |
|
125 |
break; |
|
126 |
case 'ADMIN_DIRECTORY': |
|
127 |
case 'AcpDir': |
|
128 |
$value = trim(str_replace('\\', '/', $value), '/'); |
|
129 |
if(!defined('ADMIN_DIRECTORY')) { define('ADMIN_DIRECTORY', $value); } |
|
130 |
break; |
|
131 |
default: |
|
132 |
if(!defined($key)) { define($key, $value); } |
|
133 |
break; |
|
134 |
endswitch; |
|
119 | 135 |
} |
120 | 136 |
$db = $aCfg['DataBase']; |
121 | 137 |
$db['type'] = isset($db['type']) ? $db['type'] : 'mysql'; |
... | ... | |
135 | 151 |
$aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']); |
136 | 152 |
}else { // $sRetvalType == 'url' |
137 | 153 |
$aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@' |
138 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name']; |
|
154 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name'] |
|
155 |
. '?Charset='.$db['charset'].'&TablePrefix='.$db['table_prefix']; |
|
139 | 156 |
} |
140 | 157 |
unset($db, $aCfg); |
141 | 158 |
return $aRetval; |
... | ... | |
159 | 176 |
} |
160 | 177 |
// load db configuration --- |
161 | 178 |
if(defined('DB_TYPE')) { |
162 |
$aSqlData = array( 0 => DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.'/'.DB_NAME); |
|
179 |
$sTmp = ($sTmp=((defined('DB_PORT') && DB_PORT !='') ? DB_PORT : '')) ? ':'.$sTmp : ''; |
|
180 |
$sTmp = DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.$sTmp.'/'.DB_NAME.'?Charset='; |
|
181 |
$sTmp .= (defined('DB_CHARSET') ? DB_CHARSET : '').'&TablePrefix='.TABLE_PREFIX; |
|
182 |
$aSqlData = array( 0 => $sTmp); |
|
163 | 183 |
}else { |
164 | 184 |
$aSqlData = readConfiguration($sDbConnectType); |
165 | 185 |
} |
... | ... | |
193 | 213 |
if($sDbConnectType == 'dsn') { |
194 | 214 |
$bTmp = $database->doConnect($aSqlData[0], $aSqlData[1]['user'], $aSqlData[1]['pass'], $aSqlData[2]); |
195 | 215 |
}else { |
196 |
$bTmp = $database->doConnect($aSqlData[0], TABLE_PREFIX);
|
|
216 |
$bTmp = $database->doConnect($aSqlData[0]); |
|
197 | 217 |
} |
198 | 218 |
unset($aSqlData); |
199 | 219 |
// load global settings from database and define global consts from --- |
... | ... | |
316 | 336 |
// load and activate new global translation table |
317 | 337 |
Translate::getInstance()->initialize('en', |
318 | 338 |
(defined('DEFAULT_LANGUAGE') ? DEFAULT_LANGUAGE : ''), |
319 |
(defined('LANGUAGE') ? LANGUAGE : '') |
|
339 |
(defined('LANGUAGE') ? LANGUAGE : ''), |
|
340 |
'WbOldStyle', |
|
341 |
(DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0) |
|
320 | 342 |
); |
321 | 343 |
// *** END OF FILE *********************************************************************** |
322 | 344 |
|
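Review bot: The new switch over `$key` (new lines 117-134) is case-sensitive, but the previous reader upper-cased every key before defining it, and a setup.ini.php written by the previous save.php (old lines 381-383 of that file) contains `debug`, `wb_url` and `admin_directory` in lower case; with this change those keys fall into the default branch, `DEBUG` and `WB_URL` are never defined, and `(DEBUG ? …)` at new line 341 then reads an undefined constant. Switching on the normalised key and keeping the upper-casing in the default branch restores the old behaviour while still accepting the renamed keys; the identical switch in install/save.php (new lines 96-113) needs the same fix. The enclosing function starts before this hunk.
```php
switch(strtoupper($key)):
    case 'DEBUG':
        // … unchanged: filter_var to bool …
    case 'WB_URL':
    case 'APPURL':
        // … unchanged: normalise separators, define WB_URL …
    case 'ADMIN_DIRECTORY':
    case 'ACPDIR':
        // … unchanged: normalise separators, define ADMIN_DIRECTORY …
    default:
        if(!defined(strtoupper($key))) { define(strtoupper($key), $value); }
        break;
endswitch;
```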
branches/2.8.x/wb/install/save.php | ||
---|---|---|
93 | 93 |
if(is_readable($sSetupFile)) { |
94 | 94 |
$aCfg = parse_ini_file($sSetupFile, true); |
95 | 95 |
foreach($aCfg['Constants'] as $key=>$value) { |
96 |
if($key == 'debug') { $value = filter_var($value, FILTER_VALIDATE_BOOLEAN); } |
|
97 |
if(!defined(strtoupper($key))) { define(strtoupper($key), $value); } |
|
96 |
switch($key): |
|
97 |
case 'DEBUG': |
|
98 |
$value = filter_var($value, FILTER_VALIDATE_BOOLEAN); |
|
99 |
break; |
|
100 |
case 'WB_URL': |
|
101 |
case 'AppUrl': |
|
102 |
$value = trim(str_replace('\\', '/', $value), '/'); |
|
103 |
if(!defined('WB_URL')) { define('WB_URL', $value); } |
|
104 |
break; |
|
105 |
case 'ADMIN_DIRECTORY': |
|
106 |
case 'AcpDir': |
|
107 |
$value = trim(str_replace('\\', '/', $value), '/'); |
|
108 |
if(!defined('ADMIN_DIRECTORY')) { define('ADMIN_DIRECTORY', $value); } |
|
109 |
break; |
|
110 |
default: |
|
111 |
if(!defined($key)) { define($key, $value); } |
|
112 |
break; |
|
113 |
endswitch; |
|
98 | 114 |
} |
99 | 115 |
$db = $aCfg['DataBase']; |
100 | 116 |
$db['type'] = isset($db['type']) ? $db['type'] : 'mysql'; |
... | ... | |
114 | 130 |
$aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']); |
115 | 131 |
}else { // $sRetvalType == 'url' |
116 | 132 |
$aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@' |
117 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name']; |
|
133 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name'] |
|
134 |
. '?Charset='.$db['charset'].'&TablePrefix='.$db['table_prefix']; |
|
118 | 135 |
} |
119 | 136 |
unset($db, $aCfg); |
120 | 137 |
return $aRetval; |
... | ... | |
243 | 260 |
$wb_url = $_POST['wb_url']; |
244 | 261 |
} |
245 | 262 |
// Remove any slashes at the end of the URL |
246 |
$wb_url = rtrim($wb_url,'/\\');
|
|
263 |
$wb_url = trim(str_replace('\\', '/', $wb_url), '/').'/';
|
|
247 | 264 |
// Get the default time zone |
248 | 265 |
if(!isset($_POST['default_timezone']) OR !is_numeric($_POST['default_timezone'])) { |
249 | 266 |
set_error('Please select a valid default timezone', 'default_timezone'); |
... | ... | |
378 | 395 |
."; auto generated ".date('Y-m-d h:i:s A e ')."\n" |
379 | 396 |
.";################################################\n" |
380 | 397 |
."[Constants]\n" |
381 |
."debug = false\n"
|
|
382 |
."wb_url = ".$wb_url."\n"
|
|
383 |
."admin_directory = admin\n"
|
|
398 |
."DEBUG = false\n"
|
|
399 |
."AppUrl = ".$wb_url."\n"
|
|
400 |
."AcpDir = admin/\n"
|
|
384 | 401 |
.";##########\n" |
385 | 402 |
."[DataBase]\n" |
386 | 403 |
."type = \"mysql\"\n" |
... | ... | |
427 | 444 |
}else { |
428 | 445 |
$bTmp = @$database->doConnect($aSqlData[0], TABLE_PREFIX); |
429 | 446 |
} |
430 |
} catch (RuntimeException $e) {
|
|
447 |
} catch (WbDatabaseException $e) {
|
|
431 | 448 |
if(!file_put_contents($sConfigFile,"<?php\n")) { |
432 | 449 |
set_error("Cannot write to the configuration file ($sSetupFile)"); |
433 | 450 |
} |
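Review bot: The comment `// Remove any slashes at the end of the URL` (line 262) no longer describes new line 263, which normalises backslashes and then appends exactly one trailing slash; it should read `// Normalise path separators and end the URL with exactly one slash`. The value is then written unquoted as `AppUrl = ".$wb_url."` (new line 399) although the `[DataBase]` section quotes its values (`type = \"mysql\"`, line 403); a URL containing characters that parse_ini_file treats specially (for example `;`, `&` or `?`) can be truncated or rejected when unquoted, so `."AppUrl = \"".$wb_url."\"\n"` is the more robust form. The `catch (WbDatabaseException $e)` on new line 447 narrows the handler from `RuntimeException`; if `AppException` is not a `RuntimeException` subclass — I cannot tell from this page — any other exception raised during the connection attempt now escapes the installer unhandled.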
branches/2.8.x/wb/install/index.php | ||
---|---|---|
103 | 103 |
if(is_writeable($sConfigFile)) |
104 | 104 |
{ |
105 | 105 |
// already installed? it's not empty |
106 |
if ( filesize($sConfigFile) > 128)
|
|
106 |
if ( filesize($sConfigFile) > 100)
|
|
107 | 107 |
{ |
108 | 108 |
$config = '<font class="bad">Already installed? Check!</font>'; |
109 | 109 |
// try to open and to write |
... | ... | |
277 | 277 |
} else { |
278 | 278 |
$config = $sTmp; |
279 | 279 |
} |
280 |
$sConfigFile = preg_match('/(?:rename)/i',$config) ? $sConfigFile : 'setup.ini.php';
|
|
280 |
$sConfigFile = preg_match('/(?:rename)/i',$config) ? $sConfigFile : 'config.php';
|
|
281 | 281 |
$installFlag = $installFlag && ($sTmp == ''); |
282 | 282 |
?> |
283 | 283 |
<tr> |
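Review bot: The filesize threshold on line 106 is a bare magic number with nothing explaining why a config file above that size counts as an existing installation, and the fallback filename on line 280 changes in the same commit without comment; a one-line note such as `// a config.php above this size is assumed to carry a live configuration; refuse to overwrite it` would make the heuristic reviewable. If the threshold is meant to distinguish the stub that save.php writes (`<?php\n`) from a real configuration, a named constant shared by both files would be clearer than a literal.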
+ additional arguments for Charset and TablePrefix in WbDatabase::doConnect
+ WbDatabase now can activate SET NAMES by doConnect argument
+ WbDatabase now also provides the TablePrefix property (WbDatabase::TablePrefix)
+ initialize.php now also support Charset and TablePrefix settings from setup.ini.php
! in setup.ini.php some keys are renamed (WB_URL => AppUrl and ADMIN_DIRECTORY => AcpDir)