aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFerdinand Thiessen <opensource@fthiessen.de>2024-03-21 18:59:36 +0100
committerFerdinand Thiessen <opensource@fthiessen.de>2024-03-25 23:55:04 +0100
commit2cabc708fbb2aab8e0f6d90155bd253041767f39 (patch)
treebe5953582e24e523e86f7280d31730842ceac07d
parent08444f45f12bb3906ffa9cd45b721f258a7a6f4b (diff)
downloadnextcloud-server-2cabc708fbb2aab8e0f6d90155bd253041767f39.tar.gz
nextcloud-server-2cabc708fbb2aab8e0f6d90155bd253041767f39.zip
fix(DB): Sanitize `host` parameter for postgres databases when IPv6 address is passed
Doctrine is using `pg_connect` with the `host` parameter, this does not allow IPv6 addresses in URI notation. So we need to extract the IP address and pass it directly Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
-rw-r--r--config/config.sample.php6
-rw-r--r--lib/private/DB/ConnectionFactory.php10
2 files changed, 13 insertions, 3 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 3ee52c0fd73..fa9f178524b 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -112,9 +112,9 @@ $CONFIG = [
/**
* Your host server name, for example ``localhost``, ``hostname``,
- * ``hostname.example.com``, or the IP address. To specify a port use
- * ``hostname:####``; to specify a Unix socket use
- * ``/path/to/directory/containing/socket`` e.g. ``/run/postgresql/``.
+ * ``hostname.example.com``, or the IP address.
+ * To specify a port use ``hostname:####``, for IPv6 addresses use the URI notation ``[ip]:port``.
+ * To specify a Unix socket use ``/path/to/directory/containing/socket``, e.g. ``/run/postgresql/``.
*/
'dbhost' => '',
diff --git a/lib/private/DB/ConnectionFactory.php b/lib/private/DB/ConnectionFactory.php
index 4b286ff5442..11b17795634 100644
--- a/lib/private/DB/ConnectionFactory.php
+++ b/lib/private/DB/ConnectionFactory.php
@@ -132,6 +132,7 @@ class ConnectionFactory {
$eventManager->addEventSubscriber(
new SQLSessionInit("SET SESSION AUTOCOMMIT=1"));
break;
+
case 'oci':
$eventManager->addEventSubscriber(new OracleSessionInit);
// the driverOptions are unused in dbal and need to be mapped to the parameters
@@ -151,6 +152,15 @@ class ConnectionFactory {
unset($additionalConnectionParams['host']);
break;
+ case 'pgsql':
+ // pg_connect used by Doctrine DBAL does not support URI notation (enclosed in brackets)
+ $matches = [];
+ if (preg_match('/^\[([^\]]+)\]$/', $additionalConnectionParams['host'], $matches)) {
+ // Host variable carries a port or socket.
+ $additionalConnectionParams['host'] = $matches[1];
+ }
+ break;
+
case 'sqlite3':
$journalMode = $additionalConnectionParams['sqlite.journal_mode'];
$additionalConnectionParams['platform'] = new OCSqlitePlatform();