author | Morris Jobke <hey@morrisjobke.de> | 2017-09-27 10:17:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-27 10:17:36 +0200 |
commit | b87914be9c9452c0a05ecadf6b26001b7fdb5333 (patch) | |
tree | c7e79fcb6c020e6686f54ef646a00d02f587e94e | |
parent | b30b4cddd93b64df41127ba97581044f938091f1 (diff) | |
parent | fe3b2385ab836024963853437fc7406bdacd1e7e (diff) | |
Merge pull request #6645 from nextcloud/fix-6642-only-colons-for-ipv6
Only allow colons in db host for IPv6 addresses
-rw-r--r-- | lib/private/Setup.php | 111 |
1 files changed, 63 insertions, 48 deletions
diff --git a/lib/private/Setup.php b/lib/private/Setup.php index 521a8f75f8e..5228d52b05f 100644 --- a/lib/private/Setup.php +++ b/lib/private/Setup.php @@ -42,6 +42,8 @@ namespace OC; use bantu\IniGetWrapper\IniGetWrapper; use Exception; use OC\App\AppStore\Bundles\BundleFetcher; +use OC\Authentication\Token\DefaultTokenCleanupJob; +use OC\Authentication\Token\DefaultTokenProvider; use OCP\Defaults; use OCP\IL10N; use OCP\ILogger; @@ -84,7 +86,7 @@ class Setup { $this->random = $random; } - static $dbSetupClasses = [ + static protected $dbSetupClasses = [ 'mysql' => \OC\Setup\MySQL::class, 'pgsql' => \OC\Setup\PostgreSQL::class, 'oci' => \OC\Setup\OCI::class, @@ -127,33 +129,33 @@ class Setup { * @throws Exception */ public function getSupportedDatabases($allowAllDatabases = false) { - $availableDatabases = array( - 'sqlite' => array( + $availableDatabases = [ + 'sqlite' => [ 'type' => 'pdo', 'call' => 'sqlite', - 'name' => 'SQLite' - ), - 'mysql' => array( + 'name' => 'SQLite', + ], + 'mysql' => [ 'type' => 'pdo', 'call' => 'mysql', - 'name' => 'MySQL/MariaDB' - ), - 'pgsql' => array( + 'name' => 'MySQL/MariaDB', + ], + 'pgsql' => [ 'type' => 'pdo', 'call' => 'pgsql', - 'name' => 'PostgreSQL' - ), - 'oci' => array( + 'name' => 'PostgreSQL', + ], + 'oci' => [ 'type' => 'function', 'call' => 'oci_connect', - 'name' => 'Oracle' - ) - ); + 'name' => 'Oracle', + ], + ]; if ($allowAllDatabases) { $configuredDatabases = array_keys($availableDatabases); } else { $configuredDatabases = $this->config->getValue('supportedDatabases', - array('sqlite', 'mysql', 'pgsql')); + ['sqlite', 'mysql', 'pgsql']); } if(!is_array($configuredDatabases)) { throw new Exception('Supported databases are not properly configured.'); 
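Review bot: Narrowing `$dbSetupClasses` from implicitly public to `protected` in the second hunk is a visibility change riding along with a syntax cleanup, so any code outside the `Setup` class hierarchy that reads `Setup::$dbSetupClasses` would now fail with a fatal error; the callers are not visible in this diff, so a search for external uses is worth doing before merging. The modifier order also departs from PSR-2/PSR-12, which put visibility first: `protected static $dbSetupClasses = [`. A one-line docblock such as `/** @var string[] database type => setup class name */` would record what the map holds.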
@@ -170,7 +172,7 @@ class Setup { if ($type === 'function') { $working = $this->is_callable($call); } elseif($type === 'pdo') { - $working = in_array($call, $this->getAvailableDbDriversForPdo(), TRUE); + $working = in_array($call, $this->getAvailableDbDriversForPdo(), true); } if($working) { $supportedDatabases[$database] = $availableDatabases[$database]['name']; @@ -193,7 +195,7 @@ class Setup { $dataDir = $this->config->getValue('datadirectory', \OC::$SERVERROOT.'/data'); - $errors = array(); + $errors = []; // Create data directory to test whether the .htaccess works // Notice that this is not necessarily the same data directory as the one 
@@ -204,40 +206,40 @@ class Setup { $htAccessWorking = true; if (is_dir($dataDir) && is_writable($dataDir)) { // Protect data directory here, so we can test if the protection is working - \OC\Setup::protectDataDirectory(); + self::protectDataDirectory(); try { $util = new \OC_Util(); $htAccessWorking = $util->isHtaccessWorking(\OC::$server->getConfig()); } catch (\OC\HintException $e) { - $errors[] = array( + $errors[] = [ 'error' => $e->getMessage(), - 'hint' => $e->getHint() - ); + 'hint' => $e->getHint(), + ]; $htAccessWorking = false; } } if (\OC_Util::runningOnMac()) { - $errors[] = array( + $errors[] = [ 'error' => $this->l10n->t( 'Mac OS X is not supported and %s will not work properly on this platform. ' . 'Use it at your own risk! ', [$this->defaults->getName()] ), - 'hint' => $this->l10n->t('For the best results, please consider using a GNU/Linux server instead.') - ); + 'hint' => $this->l10n->t('For the best results, please consider using a GNU/Linux server instead.'), + ]; } if($this->iniWrapper->getString('open_basedir') !== '' && PHP_INT_SIZE === 4) { - $errors[] = array( + $errors[] = [ 'error' => $this->l10n->t( 'It seems that this %s instance is running on a 32-bit PHP environment and the open_basedir has been configured in php.ini. ' . 'This will lead to problems with files over 4 GB and is highly discouraged.', [$this->defaults->getName()] ), - 'hint' => $this->l10n->t('Please remove the open_basedir setting within your php.ini or switch to 64-bit PHP.') - ); + 'hint' => $this->l10n->t('Please remove the open_basedir setting within your php.ini or switch to 64-bit PHP.'), + ]; } return array( 
@@ -286,14 +288,15 @@ class Setup { $error = array_merge($error, $dbSetup->validate($options)); // validate the data directory - if ( - (!is_dir($dataDir) and !mkdir($dataDir)) or - !is_writable($dataDir) - ) { + if ((!is_dir($dataDir) && !mkdir($dataDir)) || !is_writable($dataDir)) { $error[] = $l->t("Can't create or write into the data directory %s", array($dataDir)); } - if(count($error) != 0) { + if (!$this->validateDatabaseHost($options['dbhost'])) { + $error[] = $l->t('Given database host is invalid and must not contain the port: %s', [$options['dbhost']]); + } + + if (!empty($error)) { return $error; } @@ -308,8 +311,8 @@ class Setup { } //use sqlite3 when available, otherwise sqlite2 will be used. - if($dbType=='sqlite' and class_exists('SQLite3')) { - $dbType='sqlite3'; + if ($dbType === 'sqlite' && class_exists('SQLite3')) { + $dbType = 'sqlite3'; } //generate a random salt that is used to salt the local user passwords @@ -334,17 +337,17 @@ class Setup { // apply necessary migrations $dbSetup->runMigrations(); } catch (\OC\DatabaseSetupException $e) { - $error[] = array( + $error[] = [ 'error' => $e->getMessage(), - 'hint' => $e->getHint() - ); - return($error); + 'hint' => $e->getHint(), + ]; + return $error; } catch (Exception $e) { - $error[] = array( + $error[] = [ 'error' => 'Error while trying to create admin user: ' . $e->getMessage(), - 'hint' => '' - ); - return($error); + 'hint' => '', + ]; + return $error; } //create the user and group @@ -358,7 +361,7 @@ class Setup { $error[] = $exception->getMessage(); } - if(count($error) == 0) { + if (empty($error)) { $config = \OC::$server->getConfig(); $config->setAppValue('core', 'installedat', microtime(true)); $config->setAppValue('core', 'lastupdatedat', microtime(true)); 
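Review bot: The new check in `install()` reads `$options['dbhost']` unconditionally, both in the call and in the error message, so an install where that key is absent (for example a SQLite setup, if the caller omits it; the callers are outside this hunk) raises an undefined-index notice and hands `null` to `strpos()`. Guarding it limits the validation to cases where a host was actually supplied: `if (isset($options['dbhost']) && !$this->validateDatabaseHost($options['dbhost'])) {`. The check also runs after `mkdir($dataDir)` has already had its side effect, so a request that is rejected for its host can still leave a freshly created data directory behind; validating the inputs before touching the filesystem avoids that. `install()` begins and ends outside this hunk.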
@@ -389,8 +392,8 @@ class Setup { file_put_contents($config->getSystemValue('datadirectory', \OC::$SERVERROOT.'/data').'/.ocdata', ''); // Update .htaccess files - Setup::updateHtaccess(); - Setup::protectDataDirectory(); + self::updateHtaccess(); + self::protectDataDirectory(); self::installBackgroundJobs(); @@ -401,7 +404,7 @@ class Setup { // The token provider requires a working db, so it's not injected on setup /* @var $userSession User\Session */ $userSession = \OC::$server->getUserSession(); - $defaultTokenProvider = \OC::$server->query('OC\Authentication\Token\DefaultTokenProvider'); + $defaultTokenProvider = \OC::$server->query(DefaultTokenProvider::class); $userSession->setTokenProvider($defaultTokenProvider); $userSession->login($username, $password); $userSession->createSessionToken($request, $userSession->getUser()->getUID(), $username, $password); @@ -410,8 +413,20 @@ class Setup { return $error; } + /** + * @param string $host + * @return bool + */ + protected function validateDatabaseHost($host) { + if (strpos($host, ':') === false) { + return true; + } + + return filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false; + } + public static function installBackgroundJobs() { - \OC::$server->getJobList()->add('\OC\Authentication\Token\DefaultTokenCleanupJob'); + \OC::$server->getJobList()->add(DefaultTokenCleanupJob::class); } /** |
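Review bot: `validateDatabaseHost()` only constrains values that contain a colon; any colon-free string, including an empty one or one containing whitespace or slashes, returns `true`, which the method name does not suggest. For values with a colon, `FILTER_VALIDATE_IP` with `FILTER_FLAG_IPV6` accepts only a bare literal, so `[::1]`, an address with a zone id, and every `host:port` or `host:/socket` form are refused; confirm that the database setup classes and the documented `dbhost` formats no longer rely on those forms, since neither is visible here. The docblock should state the rule rather than only the types, e.g. `Hosts without a colon pass unchanged; a host with a colon must be a bare IPv6 literal (no brackets, port or zone id).`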