diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-21 18:59:36 +0100 |
|---|---|---|
| committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-25 20:25:17 +0100 |
| commit | 2525e73caacd272ca0e7833f9a5b60d15cd1bfea (patch) | |
| tree | d19433a6dfb96874042600ea1772cff920c53fea | |
| parent | ae19e949edabd0f76bf909a8df0ff4b049fc2b7b (diff) | |
| download | nextcloud-server-2525e73caacd272ca0e7833f9a5b60d15cd1bfea.tar.gz nextcloud-server-2525e73caacd272ca0e7833f9a5b60d15cd1bfea.zip | |
fix(DB): Sanitize `host` parameter for postgres databases when IPv6 address is passed
Doctrine is using `pg_connect` with the `host` parameter, this does not allow IPv6 addresses in URI notation.
So we need to extract the IP address and pass it directly
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| -rw-r--r-- | config/config.sample.php | 6 | ||||
| -rw-r--r-- | lib/private/DB/ConnectionFactory.php | 9 |
2 files changed, 12 insertions, 3 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index e09b0904808..3fe70e8d783 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -112,9 +112,9 @@ $CONFIG = [ /** * Your host server name, for example ``localhost``, ``hostname``, - * ``hostname.example.com``, or the IP address. To specify a port use - * ``hostname:####``; to specify a Unix socket use - * ``/path/to/directory/containing/socket`` e.g. ``/run/postgresql/``. + * ``hostname.example.com``, or the IP address. + * To specify a port use ``hostname:####``, for IPv6 addresses use the URI notation ``[ip]:port``. + * To specify a Unix socket use ``/path/to/directory/containing/socket``, e.g. ``/run/postgresql/``. */ 'dbhost' => '', diff --git a/lib/private/DB/ConnectionFactory.php b/lib/private/DB/ConnectionFactory.php index e868f18ec34..c7a558e5879 100644 --- a/lib/private/DB/ConnectionFactory.php +++ b/lib/private/DB/ConnectionFactory.php @@ -128,6 +128,15 @@ class ConnectionFactory { $eventManager->addEventSubscriber(new SetTransactionIsolationLevel()); $additionalConnectionParams = array_merge($this->createConnectionParams(), $additionalConnectionParams); switch ($normalizedType) { + case 'pgsql': + // pg_connect used by Doctrine DBAL does not support URI notation (enclosed in brackets) + $matches = []; + if (preg_match('/^\[([^\]]+)\]$/', $additionalConnectionParams['host'], $matches)) { + // Host variable carries a port or socket. + $additionalConnectionParams['host'] = $matches[1]; + } + break; + case 'oci': $eventManager->addEventSubscriber(new OracleSessionInit); // the driverOptions are unused in dbal and need to be mapped to the parameters |