Diffstat (limited to 'includes')
-rw-r--r-- | includes/DefaultSettings.php | 4 | ||||
-rw-r--r-- | includes/GlobalFunctions.php | 15 | ||||
-rw-r--r-- | includes/db/DatabasePostgres.php | 102 |
3 files changed, 77 insertions, 44 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index cb8bb001..aaf934f5 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -31,7 +31,7 @@ require_once( "$IP/includes/SiteConfiguration.php" ); $wgConf = new SiteConfiguration; /** MediaWiki version number */ -$wgVersion = '1.13.3'; +$wgVersion = '1.13.4'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; @@ -2290,7 +2290,7 @@ $wgAutoloadClasses = array(); * $wgExtensionCredits[$type][] = array( * 'name' => 'Example extension', * 'version' => 1.9, - * 'svn-revision' => '$LastChangedRevision: 44568 $', + * 'svn-revision' => '$LastChangedRevision: 46957 $', * 'author' => 'Foo Barstein', * 'url' => 'http://wwww.example.com/Example%20Extension/', * 'description' => 'An example extension', diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 26401bb4..d1336d47 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2769,6 +2769,21 @@ function wfWaitForSlaves( $maxLag ) { } } +/** + * Output some plain text in command-line mode or in the installer (updaters.inc). + * Do not use it in any other context, its behaviour is subject to change. + */ +function wfOut( $s ) { + static $lineStarted = false; + global $wgCommandLineMode; + if ( $wgCommandLineMode && !defined( 'MEDIAWIKI_INSTALL' ) ) { + echo $s; + } else { + echo htmlspecialchars( $s ); + } + flush(); +} + /** Generate a random 32-character hexadecimal token. * @param mixed $salt Some sort of salt, if necessary, to add to random characters before hashing. */ diff --git a/includes/db/DatabasePostgres.php b/includes/db/DatabasePostgres.php index 7d93fddf..8fd04cb6 100644 --- a/includes/db/DatabasePostgres.php +++ b/includes/db/DatabasePostgres.php 
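Review bot: In the added `wfOut()`, `static $lineStarted = false;` is declared but never read or written in the body shown. It should be dropped, or the line tracking it hints at should be implemented. The docblock could also state the contract the branch implies: `$s` is plain text and is passed through `htmlspecialchars()` unless output goes to a command-line run outside the installer, so callers must not pass markup. A line such as `@param string $s Plain text; HTML-escaped unless in command-line mode outside the installer` would cover it.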
@@ -198,10 +198,11 @@ class DatabasePostgres extends Database { $version = $this->getServerVersion(); $PGMINVER = '8.1'; if ($this->numeric_version < $PGMINVER) { - print "<b>FAILED</b>. Required version is $PGMINVER. You have $this->numeric_version ($version)</li>\n"; + print "<b>FAILED</b>. Required version is $PGMINVER. You have " . + htmlspecialchars( $this->numeric_version ) . " (" . htmlspecialchars( $version ) . ")</li>\n"; dieout("</ul>"); } - print "version $this->numeric_version is OK.</li>\n"; + print "version " . htmlspecialchars( $this->numeric_version ) . " is OK.</li>\n"; $safeuser = $this->quote_ident($wgDBuser); // Are we connecting as a superuser for the first time? @@ -215,7 +216,7 @@ class DatabasePostgres extends Database { FROM pg_catalog.pg_user WHERE usename = " . $this->addQuotes($wgDBsuperuser); $rows = $this->numRows($res = $this->doQuery($SQL)); if (!$rows) { - print "<li>ERROR: Could not read permissions for user \"$wgDBsuperuser\"</li>\n"; + print "<li>ERROR: Could not read permissions for user \"" . htmlspecialchars( $wgDBsuperuser ) . "\"</li>\n"; dieout('</ul>'); } $perms = pg_fetch_result($res, 0, 0); 
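Review bot: The `htmlspecialchars()` calls added here, and in the later installer-message hunks of this file, use the default flags, which on the PHP versions of this era leave single quotes unescaped. That is enough where they are used, because every escaped value lands in element text inside `<li>`, `<b>` or `<tt>`. The same file also prints single-quoted attributes (`<a href='…'>`), so a short comment such as `// text-node context only; use ENT_QUOTES if a value ever moves into an attribute` would keep the assumption visible. The enclosing method starts and ends outside the hunk.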
@@ -223,15 +224,15 @@ class DatabasePostgres extends Database { $SQL = "SELECT 1 FROM pg_catalog.pg_user WHERE usename = " . $this->addQuotes($wgDBuser); $rows = $this->numRows($this->doQuery($SQL)); if ($rows) { - print "<li>User \"$wgDBuser\" already exists, skipping account creation.</li>"; + print "<li>User \"" . htmlspecialchars( $wgDBuser ) . "\" already exists, skipping account creation.</li>"; } else { if ($perms != 1 and $perms != 3) { - print "<li>ERROR: the user \"$wgDBsuperuser\" cannot create other users. "; + print "<li>ERROR: the user \"" . htmlspecialchars( $wgDBsuperuser ) . "\" cannot create other users. "; print 'Please use a different Postgres user.</li>'; dieout('</ul>'); } - print "<li>Creating user <b>$wgDBuser</b>..."; + print "<li>Creating user <b>" . htmlspecialchars( $wgDBuser ) . "</b>..."; $safepass = $this->addQuotes($wgDBpassword); $SQL = "CREATE USER $safeuser NOCREATEDB PASSWORD $safepass"; $this->doQuery($SQL); @@ -242,15 +243,15 @@ class DatabasePostgres extends Database { $SQL = "SELECT 1 FROM pg_catalog.pg_database WHERE datname = " . $this->addQuotes($wgDBname); $rows = $this->numRows($this->doQuery($SQL)); if ($rows) { - print "<li>Database \"$wgDBname\" already exists, skipping database creation.</li>"; + print "<li>Database \"" . htmlspecialchars( $wgDBname ) . "\" already exists, skipping database creation.</li>"; } else { if ($perms < 2) { - print "<li>ERROR: the user \"$wgDBsuperuser\" cannot create databases. "; + print "<li>ERROR: the user \"" . htmlspecialchars( $wgDBsuperuser ) . "\" cannot create databases. "; print 'Please use a different Postgres user.</li>'; dieout('</ul>'); } - print "<li>Creating database <b>$wgDBname</b>..."; + print "<li>Creating database <b>" . htmlspecialchars( $wgDBname ) . "</b>..."; $safename = $this->quote_ident($wgDBname); $SQL = "CREATE DATABASE $safename OWNER $safeuser "; $this->doQuery($SQL); 
@@ -259,17 +260,21 @@ class DatabasePostgres extends Database { } // Reconnect to check out tsearch2 rights for this user - print "<li>Connecting to \"$wgDBname\" as superuser \"$wgDBsuperuser\" to check rights..."; + print "<li>Connecting to \"" . htmlspecialchars( $wgDBname ) . "\" as superuser \"" . + htmlspecialchars( $wgDBsuperuser ) . "\" to check rights..."; - $hstring=""; + $connectVars = array(); if ($this->mServer!=false && $this->mServer!="") { - $hstring="host=$this->mServer "; + $connectVars['host'] = $this->mServer; } if ($this->mPort!=false && $this->mPort!="") { - $hstring .= "port=$this->mPort "; + $connectVars['port'] = $this->mPort; } + $connectVars['dbname'] = $wgDBname; + $connectVars['user'] = $wgDBsuperuser; + $connectVars['password'] = $password; - @$this->mConn = pg_connect("$hstring dbname=$wgDBname user=$wgDBsuperuser password=$password"); + @$this->mConn = pg_connect( $this->makeConnectionString( $connectVars ) ); if ( $this->mConn == false ) { print "<b>FAILED TO CONNECT!</b></li>"; dieout("</ul>"); 
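Review bot: Replacing the interpolated string with `$connectVars` only prevents a value from adding extra connection parameters if `makeConnectionString()` quotes each value and escapes `'` and `\` inside it. That helper is not part of this diff, so its quoting should be confirmed, and a database name or password containing a space or a quote is worth a test. The `@` on the new `pg_connect()` line still suppresses the driver's error, so "FAILED TO CONNECT!" is the only diagnostic the admin gets. `$password` is assigned outside the hunk.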
@@ -279,15 +284,18 @@ class DatabasePostgres extends Database { if ($this->numeric_version < 8.3) { // Tsearch2 checks - print "<li>Checking that tsearch2 is installed in the database \"$wgDBname\"..."; + print "<li>Checking that tsearch2 is installed in the database \"" . + htmlspecialchars( $wgDBname ) . "\"..."; if (! $this->tableExists("pg_ts_cfg", $wgDBts2schema)) { - print "<b>FAILED</b>. tsearch2 must be installed in the database \"$wgDBname\"."; + print "<b>FAILED</b>. tsearch2 must be installed in the database \"" . + htmlspecialchars( $wgDBname ) . "\"."; print "Please see <a href='http://www.devx.com/opensource/Article/21674/0/page/2'>this article</a>"; print " for instructions or ask on #postgresql on irc.freenode.net</li>\n"; dieout("</ul>"); } print "OK</li>\n"; - print "<li>Ensuring that user \"$wgDBuser\" has select rights on the tsearch2 tables..."; + print "<li>Ensuring that user \"" . htmlspecialchars( $wgDBuser ) . + "\" has select rights on the tsearch2 tables..."; foreach (array('cfg','cfgmap','dict','parser') as $table) { $SQL = "GRANT SELECT ON pg_ts_$table TO $safeuser"; $this->doQuery($SQL); @@ -299,7 +307,7 @@ class DatabasePostgres extends Database { $result = $this->schemaExists($wgDBmwschema); $safeschema = $this->quote_ident($wgDBmwschema); if (!$result) { - print "<li>Creating schema <b>$wgDBmwschema</b> ..."; + print "<li>Creating schema <b>" . htmlspecialchars( $wgDBmwschema ) . "</b> ..."; $result = $this->doQuery("CREATE SCHEMA $safeschema AUTHORIZATION $safeuser"); if (!$result) { print "<b>FAILED</b>.</li>\n"; 
@@ -345,7 +353,7 @@ class DatabasePostgres extends Database { if ($this->numeric_version < 8.3) { // Do we have the basic tsearch2 table? - print "<li>Checking for tsearch2 in the schema \"$wgDBts2schema\"..."; + print "<li>Checking for tsearch2 in the schema \"" . htmlspecialchars( $wgDBts2schema ) . "\"..."; if (! $this->tableExists("pg_ts_dict", $wgDBts2schema)) { print "<b>FAILED</b>. Make sure tsearch2 is installed. See <a href="; print "'http://www.devx.com/opensource/Article/21674/0/page/2'>this article</a>"; @@ -365,12 +373,13 @@ class DatabasePostgres extends Database { $SQL = "SELECT count(*) FROM $safetsschema.pg_ts_$tname"; $res = $this->doQuery($SQL); if (!$res) { - print "<b>FAILED</b> to access pg_ts_$tname. Make sure that the user ". - "\"$wgDBuser\" has SELECT access to all four tsearch2 tables</li>\n"; + print "<b>FAILED</b> to access " . htmlspecialchars( "pg_ts_$tname" ) . + ". Make sure that the user \"". htmlspecialchars( $wgDBuser ) . + "\" has SELECT access to all four tsearch2 tables</li>\n"; dieout("</ul>"); } } - $SQL = "SELECT ts_name FROM $safetsschema.pg_ts_cfg WHERE locale = '$ctype'"; + $SQL = "SELECT ts_name FROM $safetsschema.pg_ts_cfg WHERE locale = " . $this->addQuotes( $ctype ) ; $SQL .= " ORDER BY CASE WHEN ts_name <> 'default' THEN 1 ELSE 0 END"; $res = $this->doQuery($SQL); error_reporting( E_ALL ); 
@@ -381,28 +390,30 @@ class DatabasePostgres extends Database { print "OK</li>"; // Will the current locale work? Can we force it to? - print "<li>Verifying tsearch2 locale with $ctype..."; + print "<li>Verifying tsearch2 locale with " . htmlspecialchars( $ctype ) . "..."; $rows = $this->numRows($res); $resetlocale = 0; if (!$rows) { print "<b>not found</b></li>\n"; - print "<li>Attempting to set default tsearch2 locale to \"$ctype\"..."; + print "<li>Attempting to set default tsearch2 locale to \"" . htmlspecialchars( $ctype ) . "\"..."; $resetlocale = 1; } else { $tsname = pg_fetch_result($res, 0, 0); if ($tsname != 'default') { - print "<b>not set to default ($tsname)</b>"; - print "<li>Attempting to change tsearch2 default locale to \"$ctype\"..."; + print "<b>not set to default (" . htmlspecialchars( $tsname ) . ")</b>"; + print "<li>Attempting to change tsearch2 default locale to \"" . + htmlspecialchars( $ctype ) . "\"..."; $resetlocale = 1; } } if ($resetlocale) { - $SQL = "UPDATE $safetsschema.pg_ts_cfg SET locale = '$ctype' WHERE ts_name = 'default'"; + $SQL = "UPDATE $safetsschema.pg_ts_cfg SET locale = " . $this->addQuotes( $ctype ) . " WHERE ts_name = 'default'"; $res = $this->doQuery($SQL); if (!$res) { print "<b>FAILED</b>. "; - print "Please make sure that the locale in pg_ts_cfg for \"default\" is set to \"$ctype\"</li>\n"; + print "Please make sure that the locale in pg_ts_cfg for \"default\" is set to \"" . + htmlspecialchars( $ctype ) . "\"</li>\n"; dieout("</ul>"); } print "OK</li>"; @@ -412,7 +423,7 @@ class DatabasePostgres extends Database { $SQL = "SELECT $safetsschema.to_tsvector('default','MediaWiki tsearch2 testing')"; $res = $this->doQuery($SQL); if (!$res) { - print "<b>FAILED</b>. Specifically, \"$SQL\" did not work.</li>"; + print "<b>FAILED</b>. Specifically, \"" . htmlspecialchars( $SQL ) . "\" did not work.</li>"; dieout("</ul>"); } print "OK</li>"; 
@@ -424,28 +435,32 @@ class DatabasePostgres extends Database { // Does the schema already exist? Who owns it? $result = $this->schemaExists($wgDBmwschema); if (!$result) { - print "<li>Creating schema <b>$wgDBmwschema</b> ..."; + print "<li>Creating schema <b>" . htmlspecialchars( $wgDBmwschema ) . "</b> ..."; error_reporting( 0 ); $safeschema = $this->quote_ident($wgDBmwschema); $result = $this->doQuery("CREATE SCHEMA $safeschema"); error_reporting( E_ALL ); if (!$result) { - print "<b>FAILED</b>. The user \"$wgDBuser\" must be able to access the schema. ". + print "<b>FAILED</b>. The user \"" . htmlspecialchars( $wgDBuser ) . + "\" must be able to access the schema. ". "You can try making them the owner of the database, or try creating the schema with a ". - "different user, and then grant access to the \"$wgDBuser\" user.</li>\n"; + "different user, and then grant access to the \"" . + htmlspecialchars( $wgDBuser ) . "\" user.</li>\n"; dieout("</ul>"); } print "OK</li>\n"; } else if ($result != $wgDBuser) { - print "<li>Schema \"$wgDBmwschema\" exists but is not owned by \"$wgDBuser\". Not ideal.</li>\n"; + print "<li>Schema \"" . htmlspecialchars( $wgDBmwschema ) . "\" exists but is not owned by \"" . + htmlspecialchars( $wgDBuser ) . "\". Not ideal.</li>\n"; } else { - print "<li>Schema \"$wgDBmwschema\" exists and is owned by \"$wgDBuser\". Excellent.</li>\n"; + print "<li>Schema \"" . htmlspecialchars( $wgDBmwschema ) . "\" exists and is owned by \"" . + htmlspecialchars( $wgDBuser ) . "\". Excellent.</li>\n"; } // Always return GMT time to accomodate the existing integer-based timestamp assumption - print "<li>Setting the timezone to GMT for user \"$wgDBuser\" ..."; + print "<li>Setting the timezone to GMT for user \"" . htmlspecialchars( $wgDBuser ) . "\" ..."; $SQL = "ALTER USER $safeuser SET timezone = 'GMT'"; $result = pg_query($this->mConn, $SQL); if (!$result) { 
@@ -461,7 +476,7 @@ class DatabasePostgres extends Database { dieout("</ul>"); } - print "<li>Setting the datestyle to ISO, YMD for user \"$wgDBuser\" ..."; + print "<li>Setting the datestyle to ISO, YMD for user \"" . htmlspecialchars( $wgDBuser ) . "\" ..."; $SQL = "ALTER USER $safeuser SET datestyle = 'ISO, YMD'"; $result = pg_query($this->mConn, $SQL); if (!$result) { @@ -478,7 +493,7 @@ class DatabasePostgres extends Database { } // Fix up the search paths if needed - print "<li>Setting the search path for user \"$wgDBuser\" ..."; + print "<li>Setting the search path for user \"" . htmlspecialchars( $wgDBuser ) . "\" ..."; $path = $this->quote_ident($wgDBmwschema); if ($wgDBts2schema !== $wgDBmwschema) $path .= ", ". $this->quote_ident($wgDBts2schema); @@ -519,12 +534,14 @@ class DatabasePostgres extends Database { $result = $this->doQuery("CREATE LANGUAGE plpgsql"); error_reporting($olde); if (!$result) { - print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>$wgDBname</tt></li>"; + print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>" . + htmlspecialchars( $wgDBname ) . "</tt></li>"; dieout("</ul>"); } } else { - print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>$wgDBname</tt></li>"; + print "<b>FAILED</b>. You need to install the language plpgsql in the database <tt>" . + htmlspecialchars( $wgDBname ) . "</tt></li>"; dieout("</ul>"); } } @@ -1217,7 +1234,8 @@ END; $res = $this->doQuery($SQL); error_reporting( $olde ); if (!$res) { - print "<b>FAILED</b>. Make sure that the user \"$wgDBuser\" can write to the schema \"$wgDBmwschema\"</li>\n"; + print "<b>FAILED</b>. Make sure that the user \"" . htmlspecialchars( $wgDBuser ) . + "\" can write to the schema \"" . htmlspecialchars( $wgDBmwschema ) . "\"</li>\n"; dieout("</ul>"); } $this->doQuery("DROP TABLE $safeschema.$ctest"); 
@@ -1232,11 +1250,11 @@ END; $tss = $this->addQuotes($wgDBts2schema); $pgp = $this->addQuotes($wgDBport); $dbn = $this->addQuotes($this->mDBname); - $ctype = pg_fetch_result($this->doQuery("SHOW lc_ctype"),0,0); + $ctype = $this->addQuotes( pg_fetch_result($this->doQuery("SHOW lc_ctype"),0,0) ); $SQL = "UPDATE mediawiki_version SET mw_version=$mwv, pg_version=$pgv, pg_user=$pgu, ". "mw_schema = $mws, ts2_schema = $tss, pg_port=$pgp, pg_dbname=$dbn, ". - "ctype = '$ctype' ". + "ctype = $ctype ". "WHERE type = 'Creation'"; $this->query($SQL); |
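Review bot: On the new `$ctype` line the result of `doQuery("SHOW lc_ctype")` goes straight into `pg_fetch_result()` and then `addQuotes()` with no check. If the query fails, what is written to `mediawiki_version.ctype` depends on how `addQuotes()` treats `false`, which is not visible here. Fetching into a temporary and testing it before quoting would make the failure explicit. `$ctype` also now holds an already-quoted SQL literal, whereas in the tsearch2 hunks above the same name holds the raw locale that is quoted or escaped at the point of use. A short name in line with `$tss`/`$pgp`/`$dbn` would avoid accidental double quoting. The enclosing function continues outside the hunk.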