r2469 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r2468‎ \| r2469 \| r2470 >
Date:	13:03, 11 February 2004
Author:	timstarling
Status:	old
Tags:
Comment:	Specia:Asksql security fix, Special:Asksql query timeout feature
Modified paths:	/trunk/phase3/includes/Database.php (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/includes/OutputPage.php (modified) (history) /trunk/phase3/includes/SpecialAsksql.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SpecialAsksql.php
—	—	@@ -60,7 +60,7 @@
61	61	{
62	62	global $wgOut, $wgUser, $wgServer, $wgScript, $wgArticlePath, $wgLang;
63	63	global $wpSqlQuery;
64		~~- global $wgDBsqluser, $wgDBsqlpassword;~~
	64	+ global $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname, $wgSqlTimeout;
65	65
66	66	# Use a limit, folks!
67	67	$wpSqlQuery = trim( $wpSqlQuery );
—	—	@@ -68,19 +68,24 @@
69	69	and !preg_match( "/LIMIT/i", $wpSqlQuery ) ) {
70	70	$wpSqlQuery .= " LIMIT 100";
71	71	}
72		~~- $connection = wfGetDB( $wgDBsqluser, $wgDBsqlpassword );~~
	72	+ $conn = Database::newFromParams( $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname );
	73	+
73	74	$this->logQuery( $wpSqlQuery );
74		~~- $res = wfQuery( $wpSqlQuery, DB_WRITE, "SpecialAsksql::doSubmit" );~~
	75	+
	76	+ # Start timer, will kill the DB thread in $wgSqlTimeout seconds
	77	+ $conn->startTimer( $wgSqlTimeout );
	78	+ $res = $conn->query( $wpSqlQuery, "SpecialAsksql::doSubmit" );
	79	+ $conn->stopTimer();
75	80	$this->logFinishedQuery();
76	81
77	82	$n = 0;
78		~~- @$n = wfNumFields( $res );~~
	83	+ @$n = $conn->numFields( $res );
79	84	$titleList = false;
80	85
81	86	if ( $n ) {
82	87	$k = array();
83	88	for ( $x = 0; $x < $n; ++$x ) {
84		~~- array_push( $k, wfFieldName( $res, $x ) );~~
	89	+ array_push( $k, $conn->fieldName( $res, $x ) );
85	90	}
86	91
87	92	if ( $n == 2 && in_array( "cur_title", $k ) && in_array( "cur_namespace", $k ) ) {
—	—	@@ -88,10 +93,10 @@
89	94	}
90	95
91	96	$a = array();
92		~~- while ( $s = wfFetchObject( $res ) ) {~~
	97	+ while ( $s = $conn->fetchObject( $res ) ) {
93	98	array_push( $a, $s );
94	99	}
95		~~- wfFreeResult( $res );~~
	100	+ $conn->freeResult( $res );
96	101
97	102	if ( $titleList ) {
98	103	$r = "";
Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -40,6 +40,7 @@
41	41	$wgDBminWordLen = 4;
42	42	$wgDBtransactions = false; # Set to true if using InnoDB tables
43	43	$wgDBmysql4 = false; # Set to true to use enhanced fulltext search
	44	+$wgSqlTimeout = 30;
44	45
45	46	# Database load balancer
46	47	$wgDBservers = false; # e.g. array("larousse", "pliny")
Index: trunk/phase3/includes/OutputPage.php
—	—	@@ -465,7 +465,7 @@
466	466	$this->returnToMain();
467	467	}
468	468
469		~~- function databaseError( $fname )~~
	469	+ function databaseError( $fname, &$conn )
470	470	{
471	471	global $wgUser, $wgCommandLineMode;
472	472
—	—	@@ -479,10 +479,10 @@
480	480	$msg = wfMsgNoDB( "dberrortext" );
481	481	}
482	482
483		~~- $msg = str_replace( "$1", htmlspecialchars( wfLastDBquery() ), $msg );~~
	483	+ $msg = str_replace( "$1", htmlspecialchars( $conn->lastQuery() ), $msg );
484	484	$msg = str_replace( "$2", htmlspecialchars( $fname ), $msg );
485		~~- $msg = str_replace( "$3", wfLastErrno(), $msg );~~
486		~~- $msg = str_replace( "$4", htmlspecialchars( wfLastError() ), $msg );~~
	485	+ $msg = str_replace( "$3", $conn->lastErrno(), $msg );
	486	+ $msg = str_replace( "$4", htmlspecialchars( $conn->lastError() ), $msg );
487	487
488	488	if ( $wgCommandLineMode \|\| !is_object( $wgUser )) {
489	489	print "$msg\n";
Index: trunk/phase3/includes/Database.php
—	—	@@ -173,7 +173,8 @@
174	174	} else {
175	175	wfDebug("SQL ERROR: " . mysql_error( $this->mConn ) . "\n");
176	176	if ( $this->mOut ) {
177		~~- $this->mOut->databaseError( $fname ); // calls wfAbruptExit()~~
	177	+ // this calls wfAbruptExit()
	178	+ $this->mOut->databaseError( $fname, $this );
178	179	}
179	180	}
180	181	}
—	—	@@ -385,6 +386,21 @@
386	387	$this->mDatabase = $db;
387	388	mysql_select_db( $db, $this->mConn );
388	389	}
	390	+
	391	+ function startTimer( $timeout )
	392	+ {
	393	+ $thisdir = dirname( getenv( "SCRIPT_FILENAME" ) );
	394	+ $tid = mysql_thread_id( $this->mConn );
	395	+ $this->mTimerProc = popen( "php $thisdir/killthread.php $timeout $tid &", "w" );
	396	+ }
	397	+
	398	+ function stopTimer()
	399	+ {
	400	+ if ( $this->mTimerProc ) {
	401	+ pclose( $this->mTimerProc );
	402	+ }
	403	+ }
	404	+
389	405	}
390	406
391	407	#------------------------------------------------------------------------------

Status & tagging log

22:22, 12 October 2010 Reedy (talk | contribs) changed the status of r2469 [removed: new added: old]