r46889 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r46888‎ \| r46889 \| r46890 >
Date:	03:46, 6 February 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	More installer XSS
Modified paths:	/trunk/phase3/config/index.php (modified) (history) /trunk/phase3/includes/db/DatabasePostgres.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/db/DatabasePostgres.php
—	—	@@ -208,10 +208,10 @@
209	209	$version = $this->getServerVersion();
210	210	$PGMINVER = '8.1';
211	211	if ($version < $PGMINVER) {
212		~~- print "<b>FAILED</b>. Required version is $PGMINVER. You have $version</li>\n";~~
	212	+ print "<b>FAILED</b>. Required version is $PGMINVER. You have " . htmlspecialchars( $version ) . "</li>\n";
213	213	dieout("</ul>");
214	214	}
215		~~- print "version $this->numeric_version is OK.</li>\n";~~
	215	+ print "version " . htmlspecialchars( $this->numeric_version ) . " is OK.</li>\n";
216	216
217	217	$safeuser = $this->quote_ident($wgDBuser);
218	218	// Are we connecting as a superuser for the first time?
—	—	@@ -225,7 +225,7 @@
226	226	FROM pg_catalog.pg_user WHERE usename = " . $this->addQuotes($wgDBsuperuser);
227	227	$rows = $this->numRows($res = $this->doQuery($SQL));
228	228	if (!$rows) {
229		~~- print "<li>ERROR: Could not read permissions for user \"$wgDBsuperuser\"</li>\n";~~
	229	+ print "<li>ERROR: Could not read permissions for user \"" . htmlspecialchars( $wgDBsuperuser ) . "\"</li>\n";
230	230	dieout('</ul>');
231	231	}
232	232	$perms = pg_fetch_result($res, 0, 0);
—	—	@@ -233,15 +233,15 @@
234	234	$SQL = "SELECT 1 FROM pg_catalog.pg_user WHERE usename = " . $this->addQuotes($wgDBuser);
235	235	$rows = $this->numRows($this->doQuery($SQL));
236	236	if ($rows) {
237		~~- print "<li>User \"$wgDBuser\" already exists, skipping account creation.</li>";~~
	237	+ print "<li>User \"" . htmlspecialchars( $wgDBuser ) . "\" already exists, skipping account creation.</li>";
238	238	}
239	239	else {
240	240	if ($perms != 1 and $perms != 3) {
241		~~- print "<li>ERROR: the user \"$wgDBsuperuser\" cannot create other users. ";~~
	241	+ print "<li>ERROR: the user \"" . htmlspecialchars( $wgDBsuperuser ) . "\" cannot create other users. ";
242	242	print 'Please use a different Postgres user.</li>';
243	243	dieout('</ul>');
244	244	}
245		~~- print "<li>Creating user <b>$wgDBuser</b>...";~~
	245	+ print "<li>Creating user <b>" . htmlspecialchars( $wgDBuser ) . "</b>...";
246	246	$safepass = $this->addQuotes($wgDBpassword);
247	247	$SQL = "CREATE USER $safeuser NOCREATEDB PASSWORD $safepass";
248	248	$this->doQuery($SQL);
—	—	@@ -252,15 +252,15 @@
253	253	$SQL = "SELECT 1 FROM pg_catalog.pg_database WHERE datname = " . $this->addQuotes($wgDBname);
254	254	$rows = $this->numRows($this->doQuery($SQL));
255	255	if ($rows) {
256		~~- print "<li>Database \"$wgDBname\" already exists, skipping database creation.</li>";~~
	256	+ print "<li>Database \"" . htmlspecialchars( $wgDBname ) . "\" already exists, skipping database creation.</li>";
257	257	}
258	258	else {
259	259	if ($perms < 2) {
260		~~- print "<li>ERROR: the user \"$wgDBsuperuser\" cannot create databases. ";~~
	260	+ print "<li>ERROR: the user \"" . htmlspecialchars( $wgDBsuperuser ) . "\" cannot create databases. ";
261	261	print 'Please use a different Postgres user.</li>';
262	262	dieout('</ul>');
263	263	}
264		~~- print "<li>Creating database <b>$wgDBname</b>...";~~
	264	+ print "<li>Creating database <b>" . htmlspecialchars( $wgDBname ) . "</b>...";
265	265	$safename = $this->quote_ident($wgDBname);
266	266	$SQL = "CREATE DATABASE $safename OWNER $safeuser ";
267	267	$this->doQuery($SQL);
—	—	@@ -269,17 +269,21 @@
270	270	}
271	271
272	272	// Reconnect to check out tsearch2 rights for this user
273		~~- print "<li>Connecting to \"$wgDBname\" as superuser \"$wgDBsuperuser\" to check rights...";~~
	273	+ print "<li>Connecting to \"" . htmlspecialchars( $wgDBname ) . "\" as superuser \"" .
	274	+ htmlspecialchars( $wgDBsuperuser ) . "\" to check rights...";
274	275
275		~~- $hstring="";~~
	276	+ $connectVars = array();
276	277	if ($this->mServer!=false && $this->mServer!="") {
277		~~- $hstring="host=$this->mServer ";~~
	278	+ $connectVars['host'] = $this->mServer;
278	279	}
279	280	if ($this->mPort!=false && $this->mPort!="") {
280		~~- $hstring .= "port=$this->mPort ";~~
	281	+ $connectVars['port'] = $this->mPort;
281	282	}
	283	+ $connectVars['dbname'] = $wgDBname;
	284	+ $connectVars['user'] = $wgDBsuperuser;
	285	+ $connectVars['password'] = $password;
282	286
283		~~- @$this->mConn = pg_connect("$hstring dbname=$wgDBname user=$wgDBsuperuser password=$password");~~
	287	+ @$this->mConn = pg_connect( $this->makeConnectionString( $connectVars ) );
284	288	if ( $this->mConn == false ) {
285	289	print "<b>FAILED TO CONNECT!</b></li>";
286	290	dieout("</ul>");
—	—	@@ -289,15 +293,18 @@
290	294
291	295	if ($this->numeric_version < 8.3) {
292	296	// Tsearch2 checks
293		~~- print "<li>Checking that tsearch2 is installed in the database \"$wgDBname\"...";~~
	297	+ print "<li>Checking that tsearch2 is installed in the database \"" .
	298	+ htmlspecialchars( $wgDBname ) . "\"...";
294	299	if (! $this->tableExists("pg_ts_cfg", $wgDBts2schema)) {
295		~~- print "<b>FAILED</b>. tsearch2 must be installed in the database \"$wgDBname\".";~~
	300	+ print "<b>FAILED</b>. tsearch2 must be installed in the database \"" .
	301	+ htmlspecialchars( $wgDBname ) . "\".";
296	302	print "Please see <a href='http://www.devx.com/opensource/Article/21674/0/page/2'>this article</a>";
297	303	print " for instructions or ask on #postgresql on irc.freenode.net</li>\n";
298	304	dieout("</ul>");
299	305	}
300	306	print "OK</li>\n";
301		~~- print "<li>Ensuring that user \"$wgDBuser\" has select rights on the tsearch2 tables...";~~
	307	+ print "<li>Ensuring that user \"" . htmlspecialchars( $wgDBuser ) .
	308	+ "\" has select rights on the tsearch2 tables...";
302	309	foreach (array('cfg','cfgmap','dict','parser') as $table) {
303	310	$SQL = "GRANT SELECT ON pg_ts_$table TO $safeuser";
304	311	$this->doQuery($SQL);
—	—	@@ -309,7 +316,7 @@
310	317	$result = $this->schemaExists($wgDBmwschema);
311	318	$safeschema = $this->quote_ident($wgDBmwschema);
312	319	if (!$result) {
313		~~- print "<li>Creating schema <b>$wgDBmwschema</b> ...";~~
	320	+ print "<li>Creating schema <b>" . htmlspecialchars( $wgDBmwschema ) . "</b> ...";
314	321	$result = $this->doQuery("CREATE SCHEMA $safeschema AUTHORIZATION $safeuser");
315	322	if (!$result) {
316	323	print "<b>FAILED</b>.</li>\n";
—	—	@@ -355,7 +362,7 @@
356	363
357	364	if ($this->numeric_version < 8.3) {
358	365	// Do we have the basic tsearch2 table?
359		~~- print "<li>Checking for tsearch2 in the schema \"$wgDBts2schema\"...";~~
	366	+ print "<li>Checking for tsearch2 in the schema \"" . htmlspecialchars( $wgDBts2schema ) . "\"...";
360	367	if (! $this->tableExists("pg_ts_dict", $wgDBts2schema)) {
361	368	print "<b>FAILED</b>. Make sure tsearch2 is installed. See <a href=";
362	369	print "'http://www.devx.com/opensource/Article/21674/0/page/2'>this article</a>";
—	—	@@ -375,12 +382,13 @@
376	383	$SQL = "SELECT count(*) FROM $safetsschema.pg_ts_$tname";
377	384	$res = $this->doQuery($SQL);
378	385	if (!$res) {
379		~~- print "<b>FAILED</b> to access pg_ts_$tname. Make sure that the user ".~~
380		~~- "\"$wgDBuser\" has SELECT access to all four tsearch2 tables</li>\n";~~
	386	+ print "<b>FAILED</b> to access " . htmlspecialchars( "pg_ts_$tname" ) .
	387	+ ". Make sure that the user \"". htmlspecialchars( $wgDBuser ) .
	388	+ "\" has SELECT access to all four tsearch2 tables</li>\n";
381	389	dieout("</ul>");
382	390	}
383	391	}
384		~~- $SQL = "SELECT ts_name FROM $safetsschema.pg_ts_cfg WHERE locale = '$ctype'";~~
	392	+ $SQL = "SELECT ts_name FROM $safetsschema.pg_ts_cfg WHERE locale = " . $this->addQuotes( $ctype ) ;
385	393	$SQL .= " ORDER BY CASE WHEN ts_name <> 'default' THEN 1 ELSE 0 END";
386	394	$res = $this->doQuery($SQL);
387	395	error_reporting( E_ALL );
—	—	@@ -391,28 +399,30 @@
392	400	print "OK</li>";
393	401
394	402	// Will the current locale work? Can we force it to?
395		~~- print "<li>Verifying tsearch2 locale with $ctype...";~~
	403	+ print "<li>Verifying tsearch2 locale with " . htmlspecialchars( $ctype ) . "...";
396	404	$rows = $this->numRows($res);
397	405	$resetlocale = 0;
398	406	if (!$rows) {
399	407	print "<b>not found</b></li>\n";
400		~~- print "<li>Attempting to set default tsearch2 locale to \"$ctype\"...";~~
	408	+ print "<li>Attempting to set default tsearch2 locale to \"" . htmlspecialchars( $ctype ) . "\"...";
401	409	$resetlocale = 1;
402	410	}
403	411	else {
404	412	$tsname = pg_fetch_result($res, 0, 0);
405	413	if ($tsname != 'default') {
406		~~- print "<b>not set to default ($tsname)</b>";~~
407		~~- print "<li>Attempting to change tsearch2 default locale to \"$ctype\"...";~~
	414	+ print "<b>not set to default (" . htmlspecialchars( $tsname ) . ")</b>";
	415	+ print "<li>Attempting to change tsearch2 default locale to \"" .
	416	+ htmlspecialchars( $ctype ) . "\"...";
408	417	$resetlocale = 1;
409	418	}
410	419	}
411	420	if ($resetlocale) {
412		~~- $SQL = "UPDATE $safetsschema.pg_ts_cfg SET locale = '$ctype' WHERE ts_name = 'default'";~~
	421	+ $SQL = "UPDATE $safetsschema.pg_ts_cfg SET locale = " . $this->addQuotes( $ctype ) . " WHERE ts_name = 'default'";
413	422	$res = $this->doQuery($SQL);
414	423	if (!$res) {
415	424	print "<b>FAILED</b>. ";
416		~~- print "Please make sure that the locale in pg_ts_cfg for \"default\" is set to \"$ctype\"</li>\n";~~
	425	+ print "Please make sure that the locale in pg_ts_cfg for \"default\" is set to \"" .
	426	+ htmlspecialchars( $ctype ) . "\"</li>\n";
417	427	dieout("</ul>");
418	428	}
419	429	print "OK</li>";
—	—	@@ -422,7 +432,7 @@
423	433	$SQL = "SELECT $safetsschema.to_tsvector('default','MediaWiki tsearch2 testing')";
424	434	$res = $this->doQuery($SQL);
425	435	if (!$res) {
426		~~- print "<b>FAILED</b>. Specifically, \"$SQL\" did not work.</li>";~~
	436	+ print "<b>FAILED</b>. Specifically, \"" . htmlspecialchars( $SQL ) . "\" did not work.</li>";
427	437	dieout("</ul>");
428	438	}
429	439	print "OK</li>";
—	—	@@ -434,28 +444,32 @@
435	445	// Does the schema already exist? Who owns it?
436	446	$result = $this->schemaExists($wgDBmwschema);
437	447	if (!$result) {
438		~~- print "<li>Creating schema <b>$wgDBmwschema</b> ...";~~
	448	+ print "<li>Creating schema <b>" . htmlspecialchars( $wgDBmwschema ) . "</b> ...";
439	449	error_reporting( 0 );
440	450	$safeschema = $this->quote_ident($wgDBmwschema);
441	451	$result = $this->doQuery("CREATE SCHEMA $safeschema");
442	452	error_reporting( E_ALL );
443	453	if (!$result) {
444		~~- print "<b>FAILED</b>. The user \"$wgDBuser\" must be able to access the schema. ".~~
	454	+ print "<b>FAILED</b>. The user \"" . htmlspecialchars( $wgDBuser ) .
	455	+ "\" must be able to access the schema. ".
445	456	"You can try making them the owner of the database, or try creating the schema with a ".
446		~~- "different user, and then grant access to the \"$wgDBuser\" user.</li>\n";~~
	457	+ "different user, and then grant access to the \"" .
	458	+ htmlspecialchars( $wgDBuser ) . "\" user.</li>\n";
447	459	dieout("</ul>");
448	460	}
449	461	print "OK</li>\n";
450	462	}
451	463	else if ($result != $wgDBuser) {
452		~~- print "<li>Schema \"$wgDBmwschema\" exists but is not owned by \"$wgDBuser\". Not ideal.</li>\n";~~
	464	+ print "<li>Schema \"" . htmlspecialchars( $wgDBmwschema ) . "\" exists but is not owned by \"" .
	465	+ htmlspecialchars( $wgDBuser ) . "\". Not ideal.</li>\n";
453	466	}
454	467	else {
455		~~- print "<li>Schema \"$wgDBmwschema\" exists and is owned by \"$wgDBuser\". Excellent.</li>\n";~~
	468	+ print "<li>Schema \"" . htmlspecialchars( $wgDBmwschema ) . "\" exists and is owned by \"" .
	469	+ htmlspecialchars( $wgDBuser ) . "\". Excellent.</li>\n";
456	470	}
457	471
458	472	// Always return GMT time to accomodate the existing integer-based timestamp assumption
459		~~- print "<li>Setting the timezone to GMT for user \"$wgDBuser\" ...";~~
	473	+ print "<li>Setting the timezone to GMT for user \"" . htmlspecialchars( $wgDBuser ) . "\" ...";
460	474	$SQL = "ALTER USER $safeuser SET timezone = 'GMT'";
461	475	$result = pg_query($this->mConn, $SQL);
462	476	if (!$result) {
—	—	@@ -471,7 +485,7 @@
472	486	dieout("</ul>");
473	487	}
474	488
475		~~- print "<li>Setting the datestyle to ISO, YMD for user \"$wgDBuser\" ...";~~
	489	+ print "<li>Setting the datestyle to ISO, YMD for user \"" . htmlspecialchars( $wgDBuser ) . "\" ...";
476	490	$SQL = "ALTER USER $safeuser SET datestyle = 'ISO, YMD'";
477	491	$result = pg_query($this->mConn, $SQL);
478	492	if (!$result) {
—	—	@@ -488,7 +502,7 @@
489	503	}
490	504
491	505	// Fix up the search paths if needed
492		~~- print "<li>Setting the search path for user \"$wgDBuser\" ...";~~
	506	+ print "<li>Setting the search path for user \"" . htmlspecialchars( $wgDBuser ) . "\" ...";
493	507	$path = $this->quote_ident($wgDBmwschema);
494	508	if ($wgDBts2schema !== $wgDBmwschema)
495	509	$path .= ", ". $this->quote_ident($wgDBts2schema);
—	—	@@ -529,12 +543,14 @@
530	544	$result = $this->doQuery("CREATE LANGUAGE plpgsql");
531	545	error_reporting($olde);
532	546	if (!$result) {
533		~~- print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>$wgDBname</tt></li>";~~
	547	+ print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>" .
	548	+ htmlspecialchars( $wgDBname ) . "</tt></li>";
534	549	dieout("</ul>");
535	550	}
536	551	}
537	552	else {
538		~~- print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>$wgDBname</tt></li>";~~
	553	+ print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>" .
	554	+ htmlspecialchars( $wgDBname ) . "</tt></li>";
539	555	dieout("</ul>");
540	556	}
541	557	}
—	—	@@ -1229,7 +1245,8 @@
1230	1246	$res = $this->doQuery($SQL);
1231	1247	error_reporting( $olde );
1232	1248	if (!$res) {
1233		~~- print "<b>FAILED</b>. Make sure that the user \"$wgDBuser\" can write to the schema \"$wgDBmwschema\"</li>\n";~~
	1249	+ print "<b>FAILED</b>. Make sure that the user \"" . htmlspecialchars( $wgDBuser ) .
	1250	+ "\" can write to the schema \"" . htmlspecialchars( $wgDBmwschema ) . "\"</li>\n";
1234	1251	dieout("</ul>");
1235	1252	}
1236	1253	$this->doQuery("DROP TABLE $safeschema.$ctest");
—	—	@@ -1244,11 +1261,11 @@
1245	1262	$tss = $this->addQuotes($wgDBts2schema);
1246	1263	$pgp = $this->addQuotes($wgDBport);
1247	1264	$dbn = $this->addQuotes($this->mDBname);
1248		~~- $ctype = pg_fetch_result($this->doQuery("SHOW lc_ctype"),0,0);~~
	1265	+ $ctype = $this->addQuotes( pg_fetch_result($this->doQuery("SHOW lc_ctype"),0,0) );
1249	1266
1250	1267	$SQL = "UPDATE mediawiki_version SET mw_version=$mwv, pg_version=$pgv, pg_user=$pgu, ".
1251	1268	"mw_schema = $mws, ts2_schema = $tss, pg_port=$pgp, pg_dbname=$dbn, ".
1252		~~- "ctype = '$ctype' ".~~
	1269	+ "ctype = $ctype ".
1253	1270	"WHERE type = 'Creation'";
1254	1271	$this->query($SQL);
1255	1272
Index: trunk/phase3/config/index.php
—	—	@@ -2013,7 +2013,7 @@
2014	2014	fclose( $fp );
2015	2015	}
2016	2016	if ( !$errstr ) {
2017		~~- echo "<li>Connected to memcached on $host:$port successfully";~~
	2017	+ echo "<li>Connected to memcached on " . htmlspecialchars( "$host:$port" ) ." successfully</li>";
2018	2018	}
2019	2019	return $errstr;
2020	2020	}

Follow-up revisions

Revision	Commit summary	Author	Date
r46891	Backported r46840, r46843, r46889	tstarling	04:54, 6 February 2009
r46892	Backported r46840, r46843, r46889 (installer XSS fixes)	tstarling	05:05, 6 February 2009
r46898	Backported r46840, r46843, r46889 (installer XSS fixes)	tstarling	05:47, 6 February 2009
r46899	Backported r46840, r46843, r46889 (installer XSS fixes)	tstarling	06:29, 6 February 2009

Status & tagging log

00:20, 14 September 2011 Meno25 (talk | contribs) changed the status of r46889 [removed: old added: deferred]