| Index: trunk/phase3/includes/db/DatabaseMssql.php |
| — | — | @@ -859,31 +859,55 @@ |
| 860 | 860 | } |
| 861 | 861 | |
| 862 | 862 | /** |
| 863 | | - * Initial setup as superuser. |
| 864 | | - * Create the database, schema, login, and user. |
| | 863 | + * Escapes a identifier for use inm SQL. |
| | 864 | + * Throws an exception if it is invalid. |
| | 865 | + * Reference: http://msdn.microsoft.com/en-us/library/aa224033%28v=SQL.80%29.aspx |
| 865 | 866 | */ |
| 866 | | - function initial_setup() { |
| 867 | | - global $conf; |
| | 867 | + private function escapeIdentifier( $identifier ) { |
| | 868 | + if ( strlen( $identifier ) == 0 ) { |
| | 869 | + throw new MWException( "An identifier must not be empty" ); |
| | 870 | + } |
| | 871 | + if ( strlen( $identifier ) > 128 ) { |
| | 872 | + throw new MWException( "The identifier '$identifier' is too long (max. 128)" ); |
| | 873 | + } |
| | 874 | + if ( ( strpos( $identifier, '[' ) !== false ) || ( strpos( $identifier, ']' ) !== false ) ) { |
| | 875 | + // It may be allowed if you quoted with double quotation marks, but that would break if QUOTED_IDENTIFIER is OFF |
| | 876 | + throw new MWException( "You can't use square brackers in the identifier '$identifier'" ); |
| | 877 | + } |
| | 878 | + return "[$identifier]"; |
| | 879 | + } |
| | 880 | + |
| | 881 | + /** |
| | 882 | + * Initial setup. |
| | 883 | + * Precondition: This object is connected as the superuser. |
| | 884 | + * Creates the database, schema, user and login. |
| | 885 | + */ |
| | 886 | + function initial_setup( $dbName, $newUser, $loginPassword ) { |
| | 887 | + $dbName = $this->escapeIdentifier( $dbName ); |
| | 888 | + |
| | 889 | + // It is not clear what can be used as a login, |
| | 890 | + // From http://msdn.microsoft.com/en-us/library/ms173463.aspx |
| | 891 | + // a sysname may be the same as an identifier. |
| | 892 | + $newUser = $this->escapeIdentifier( $newUser ); |
| | 893 | + $loginPassword = $this->addQuotes( $loginPassword ); |
| 868 | 894 | |
| 869 | | - // FIXME: fields need to be properly escaped. |
| 870 | | - |
| 871 | | - $this->doQuery("CREATE DATABASE {$conf->DBname};"); |
| 872 | | - $this->doQuery("USE {$conf->DBname};"); |
| 873 | | - $this->doQuery("CREATE SCHEMA {$conf->DBname};"); |
| | 895 | + $this->doQuery("CREATE DATABASE $dbName;"); |
| | 896 | + $this->doQuery("USE $dbName;"); |
| | 897 | + $this->doQuery("CREATE SCHEMA $dbName;"); |
| 874 | 898 | $this->doQuery(" |
| 875 | 899 | CREATE |
| 876 | | - LOGIN {$conf->DBuser} |
| | 900 | + LOGIN $newUser |
| 877 | 901 | WITH |
| 878 | | - PASSWORD='{$conf->DBpassword}' |
| | 902 | + PASSWORD=$loginPassword |
| 879 | 903 | ; |
| 880 | 904 | "); |
| 881 | 905 | $this->doQuery(" |
| 882 | 906 | CREATE |
| 883 | | - USER {$conf->DBuser} |
| | 907 | + USER $newUser |
| 884 | 908 | FOR |
| 885 | | - LOGIN {$conf->DBuser} |
| | 909 | + LOGIN $newUser |
| 886 | 910 | WITH |
| 887 | | - DEFAULT_SCHEMA={$conf->DBname} |
| | 911 | + DEFAULT_SCHEMA=$dbName |
| 888 | 912 | ; |
| 889 | 913 | "); |
| 890 | 914 | $this->doQuery(" |
| — | — | @@ -898,16 +922,16 @@ |
| 899 | 923 | CREATE VIEW, |
| 900 | 924 | CREATE FULLTEXT CATALOG |
| 901 | 925 | ON |
| 902 | | - DATABASE::{$conf->DBname} |
| 903 | | - TO {$conf->DBuser} |
| | 926 | + DATABASE::$dbName |
| | 927 | + TO $newUser |
| 904 | 928 | ; |
| 905 | 929 | "); |
| 906 | 930 | $this->doQuery(" |
| 907 | 931 | GRANT |
| 908 | 932 | CONTROL |
| 909 | 933 | ON |
| 910 | | - SCHEMA::{$conf->DBname} |
| 911 | | - TO {$conf->DBuser} |
| | 934 | + SCHEMA::$dbName |
| | 935 | + TO $newUser |
| 912 | 936 | ; |
| 913 | 937 | "); |
| 914 | 938 | |
| Index: trunk/phase3/config/Installer.php |
| — | — | @@ -920,7 +920,6 @@ |
| 921 | 921 | if( !$ok ) { continue; } |
| 922 | 922 | } |
| 923 | 923 | else if ( $conf->DBtype == 'mssql' ) { |
| 924 | | - error_reporting( E_ALL ); |
| 925 | 924 | # Possible connect as a superuser |
| 926 | 925 | if ( $useRoot ) { |
| 927 | 926 | echo( "<li>Attempting to connect to database \"{$conf->DBtype}\" as superuser \"{$conf->RootUser}\"" ); |
| — | — | @@ -939,7 +938,7 @@ |
| 940 | 939 | $errs['RootPW'] = 'and password'; |
| 941 | 940 | continue; |
| 942 | 941 | } |
| 943 | | - $wgDatabase->initial_setup( $conf->RootPW, $conf->DBtype ); |
| | 942 | + $wgDatabase->initial_setup( $conf->DBname, $conf->DBuser, $conf->DBpassword ); |
| 944 | 943 | } |
| 945 | 944 | echo( "<li>Attempting to connect to database \"{$wgDBname}\" as \"{$wgDBuser}\"..." ); |
| 946 | 945 | $wgDatabase = $dbc->newFromParams( |