mirror of
https://github.com/silverstripe/silverstripe-sqlite3
synced 2024-10-22 17:05:37 +02:00
ENHANCEMENT Better validation checks in SQLiteDatabaseConfigurationHelper
parent
4443df5171
commit
204e3efd38
@ -60,31 +60,44 @@ class SQLiteDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
|
|||||||
$success = false;
|
$success = false;
|
||||||
$error = '';
|
$error = '';
|
||||||
|
|
||||||
|
// arg validation
|
||||||
|
if(!isset($databaseConfig['path']) || !$databaseConfig['path']) return array(
|
||||||
|
'success' => false,
|
||||||
|
'error' => sprintf('Invalid path: "%s"', $databaseConfig['path'])
|
||||||
|
);
|
||||||
$path = $databaseConfig['path'];
|
$path = $databaseConfig['path'];
|
||||||
if($path && $databaseConfig['database']) {
|
|
||||||
// create and secure db directory
|
|
||||||
if(!file_exists($path)) {
|
|
||||||
self::create_db_dir($path);
|
|
||||||
}
|
|
||||||
self::secure_db_dir($path);
|
|
||||||
|
|
||||||
$file = $path . '/' . $databaseConfig['database'];
|
if(!isset($databaseConfig['database']) || !$databaseConfig['database']) return array(
|
||||||
$file = preg_replace('/\/$/', '', $file);
|
'success' => false,
|
||||||
|
'error' => sprintf('Invalid database name: "%s"', $databaseConfig['database'])
|
||||||
|
);
|
||||||
|
|
||||||
if($databaseConfig['type'] == 'SQLitePDODatabase' || version_compare(phpversion(), '5.3.0', '<')) {
|
// create and secure db directory
|
||||||
$conn = @(new PDO("sqlite:$file"));
|
$dirCreated = self::create_db_dir($path);
|
||||||
} else {
|
if(!$dirCreated) return array(
|
||||||
$conn = @(new SQLite3($file, SQLITE3_OPEN_READWRITE | SQLITE3_OPEN_CREATE));
|
'success' => false,
|
||||||
}
|
'error' => sprintf('Cannot create path: "%s"', $path)
|
||||||
|
);
|
||||||
|
$dirSecured = self::secure_db_dir($path);
|
||||||
|
if(!$dirSecured) return array(
|
||||||
|
'success' => false,
|
||||||
|
'error' => sprintf('Cannot secure path through .htaccess: "%s"', $path)
|
||||||
|
);
|
||||||
|
|
||||||
if($conn) {
|
$file = $path . '/' . $databaseConfig['database'];
|
||||||
$success = true;
|
$file = preg_replace('/\/$/', '', $file);
|
||||||
} else {
|
|
||||||
$success = false;
|
if($databaseConfig['type'] == 'SQLitePDODatabase' || version_compare(phpversion(), '5.3.0', '<')) {
|
||||||
$error = '';
|
$conn = @(new PDO("sqlite:$file"));
|
||||||
}
|
} else {
|
||||||
|
$conn = @(new SQLite3($file, SQLITE3_OPEN_READWRITE | SQLITE3_OPEN_CREATE));
|
||||||
|
}
|
||||||
|
|
||||||
|
if($conn) {
|
||||||
|
$success = true;
|
||||||
} else {
|
} else {
|
||||||
$success = false;
|
$success = false;
|
||||||
|
$error = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -150,6 +163,6 @@ class SQLiteDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
|
|||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public static function secure_db_dir($path) {
|
public static function secure_db_dir($path) {
|
||||||
file_put_contents($path . '/.htaccess', 'deny from all');
|
return (is_writeable($path)) ? file_put_contents($path . '/.htaccess', 'deny from all') : false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
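Review bot: In the first hunk the new argument checks only reject an empty `$databaseConfig['database']`, yet the value is then joined into `$file = $path . '/' . $databaseConfig['database'];`, so a name containing `/` or `..` would place the database file outside the directory that `secure_db_dir()` has just protected. I would add a check before the directory is created, `if(basename($databaseConfig['database']) !== $databaseConfig['database']) return array('success' => false, 'error' => 'Invalid database name');`. The two early returns also read `$databaseConfig['path']` and `$databaseConfig['database']` inside `sprintf()` on the branch where `isset()` was false, which raises an undefined-index notice; passing an empty string when the key is missing avoids it. The enclosing method starts and ends outside this hunk, so where `$databaseConfig` comes from is not visible here.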