diff options
author | Dries Buytaert <dries@buytaert.net> | 2010-06-28 19:57:34 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-06-28 19:57:34 +0000 |
commit | 267ebfb7b61bd6a440e50649ebf6e3c1d36c9f84 (patch) | |
tree | 69f0b8531d81f07b3d61ba47e4721d4c1ac3c7b0 /includes | |
parent | 02b746382e55aa728760650eec2dd6f9a8e3239e (diff) | |
download | brdo-267ebfb7b61bd6a440e50649ebf6e3c1d36c9f84.tar.gz brdo-267ebfb7b61bd6a440e50649ebf6e3c1d36c9f84.tar.bz2 |
- Patch #195416 by Damien Tournoud, David Strauss: table prefixes should be per database connection.
Diffstat (limited to 'includes')
-rw-r--r-- | includes/bootstrap.inc | 62 | ||||
-rw-r--r-- | includes/common.inc | 17 | ||||
-rw-r--r-- | includes/database/database.inc | 152 | ||||
-rw-r--r-- | includes/database/mysql/schema.inc | 2 | ||||
-rw-r--r-- | includes/database/schema.inc | 4 | ||||
-rw-r--r-- | includes/errors.inc | 3 | ||||
-rw-r--r-- | includes/install.core.inc | 18 |
7 files changed, 181 insertions, 77 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index f1faa9a42..622914d65 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -560,7 +560,7 @@ function drupal_settings_initialize() { global $base_url, $base_path, $base_root; // Export the following settings.php variables to the global namespace - global $databases, $db_prefix, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url; + global $databases, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url; $conf = array(); if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) { @@ -2149,14 +2149,6 @@ function _drupal_bootstrap_page_cache() { * Bootstrap database: Initialize database system and register autoload functions. */ function _drupal_bootstrap_database() { - // The user agent header is used to pass a database prefix in the request when - // running tests. However, for security reasons, it is imperative that we - // validate we ourselves made the request. - if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE) && !drupal_valid_test_ua($_SERVER['HTTP_USER_AGENT'])) { - header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); - exit; - } - // Redirect the user to the installation script if Drupal has not been // installed yet (i.e., if no $databases array has been defined in the // settings.php file) and we are not already installing. @@ -2165,6 +2157,42 @@ function _drupal_bootstrap_database() { install_goto('install.php'); } + // The user agent header is used to pass a database prefix in the request when + // running tests. However, for security reasons, it is imperative that we + // validate we ourselves made the request. + if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);/", $_SERVER['HTTP_USER_AGENT'], $matches)) { + if (!drupal_valid_test_ua($_SERVER['HTTP_USER_AGENT'])) { + header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); + exit; + } + + // The first part of the user agent is the prefix itself. + $test_prefix = $matches[1]; + + // Set the test run id for use in other parts of Drupal. + $test_info = &$GLOBALS['drupal_test_info']; + $test_info['test_run_id'] = $test_prefix; + $test_info['in_child_site'] = TRUE; + + foreach ($GLOBALS['databases']['default'] as &$value) { + // Extract the current default database prefix. + if (!isset($value['prefix'])) { + $current_prefix = ''; + } + else if (is_array($value['prefix'])) { + $current_prefix = $value['prefix']['default']; + } + else { + $current_prefix = $value['prefix']; + } + + // Remove the current database prefix and replace it by our own. + $value['prefix'] = array( + 'default' => $current_prefix . $test_prefix, + ); + } + } + // Initialize the database system. Note that the connection // won't be initialized until it is actually requested. require_once DRUPAL_ROOT . '/includes/database/database.inc'; @@ -2222,15 +2250,15 @@ function drupal_get_bootstrap_phase() { * Validate the HMAC and timestamp of a user agent header from simpletest. */ function drupal_valid_test_ua($user_agent) { - global $databases; + global $drupal_hash_salt; list($prefix, $time, $salt, $hmac) = explode(';', $user_agent); $check_string = $prefix . ';' . $time . ';' . $salt; - // We use the database credentials from settings.php to make the HMAC key, since + // We use the salt from settings.php to make the HMAC key, since // the database is not yet initialized and we can't access any Drupal variables. // The file properties add more entropy not easily accessible to others. $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc'; - $key = serialize($databases) . filectime($filepath) . fileinode($filepath); + $key = $drupal_hash_salt . filectime($filepath) . fileinode($filepath); // The HMAC must match. return $hmac == drupal_hmac_base64($check_string, $key); } @@ -2239,15 +2267,15 @@ function drupal_valid_test_ua($user_agent) { * Generate a user agent string with a HMAC and timestamp for simpletest. */ function drupal_generate_test_ua($prefix) { - global $databases; + global $drupal_hash_salt; static $key; if (!isset($key)) { - // We use the database credentials to make the HMAC key, since we - // check the HMAC before the database is initialized. filectime() - // and fileinode() are not easily determined from remote. + // We use the salt from settings.php to make the HMAC key, since + // the database is not yet initialized and we can't access any Drupal variables. + // The file properties add more entropy not easily accessible to others. $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc'; - $key = serialize($databases) . filectime($filepath) . fileinode($filepath); + $key = $drupal_hash_salt . filectime($filepath) . fileinode($filepath); } // Generate a moderately secure HMAC based on the database credentials. $salt = uniqid('', TRUE); diff --git a/includes/common.inc b/includes/common.inc index 83da25e2b..ebc8c1c07 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -766,8 +766,6 @@ function drupal_access_denied() { * A string containing the response body that was received. */ function drupal_http_request($url, array $options = array()) { - global $db_prefix; - $result = new stdClass(); // Parse the URL and make sure we can handle the schema. @@ -867,8 +865,9 @@ function drupal_http_request($url, array $options = array()) { // user-agent is used to ensure that multiple testing sessions running at the // same time won't interfere with each other as they would if the database // prefix were stored statically in a file or database variable. - if (is_string($db_prefix) && preg_match("/simpletest\d+/", $db_prefix, $matches)) { - $options['headers']['User-Agent'] = drupal_generate_test_ua($matches[0]); + $test_info = &$GLOBALS['drupal_test_info']; + if (!empty($test_info['test_run_id'])) { + $options['headers']['User-Agent'] = drupal_generate_test_ua($test_info['test_run_id']); } $request = $options['method'] . ' ' . $path . " HTTP/1.0\r\n"; @@ -4505,13 +4504,15 @@ function _drupal_bootstrap_full() { module_load_all(); // Make sure all stream wrappers are registered. file_get_stream_wrappers(); - if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'simpletest') !== FALSE) { - // Valid SimpleTest user-agent, log fatal errors to test specific file - // directory. The user-agent is validated in DRUPAL_BOOTSTRAP_DATABASE - // phase so as long as it is a SimpleTest user-agent it is valid. + + $test_info = &$GLOBALS['drupal_test_info']; + if (!empty($test_info['in_child_site'])) { + // Running inside the simpletest child site, log fatal errors to test + // specific file directory. ini_set('log_errors', 1); ini_set('error_log', file_directory_path() . '/error.log'); } + // Initialize $_GET['q'] prior to invoking hook_init(). drupal_path_initialize(); // Set a custom theme for the current page, if there is one. We need to run diff --git a/includes/database/database.inc b/includes/database/database.inc index a4f00dc46..6b878d99f 100644 --- a/includes/database/database.inc +++ b/includes/database/database.inc @@ -259,7 +259,26 @@ abstract class DatabaseConnection extends PDO { */ protected $schema = NULL; + /** + * The default prefix used by this database connection. + * + * Separated from the other prefixes for performance reasons. + * + * @var string + */ + protected $defaultPrefix = ''; + + /** + * The non-default prefixes used by this database connection. + * + * @var array + */ + protected $prefixes = array(); + function __construct($dsn, $username, $password, $driver_options = array()) { + // Initialize and prepare the connection prefix. + $this->setPrefix(isset($this->connectionOptions['prefix']) ? $this->connectionOptions['prefix'] : ''); + // Because the other methods don't seem to work right. $driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; @@ -343,6 +362,25 @@ abstract class DatabaseConnection extends PDO { } /** + * Preprocess the prefixes used by this database connection. + * + * @param $prefix + * The prefixes, in any of the multiple forms documented in + * default.settings.php. + */ + protected function setPrefix($prefix) { + if (is_array($prefix)) { + $this->defaultPrefix = isset($prefix['default']) ? $prefix['default'] : ''; + unset($prefix['default']); + $this->prefixes = $prefix; + } + else { + $this->defaultPrefix = $prefix; + $this->prefixes = array(); + } + } + + /** * Appends a database prefix to all tables in a query. * * Queries sent to Drupal should wrap all table names in curly brackets. This @@ -357,27 +395,12 @@ abstract class DatabaseConnection extends PDO { * The properly-prefixed string. */ public function prefixTables($sql) { - global $db_prefix; - - if (is_array($db_prefix)) { - if (array_key_exists('default', $db_prefix)) { - $tmp = $db_prefix; - unset($tmp['default']); - foreach ($tmp as $key => $val) { - $sql = strtr($sql, array('{' . $key . '}' => $val . $key)); - } - return strtr($sql, array('{' => $db_prefix['default'] , '}' => '')); - } - else { - foreach ($db_prefix as $key => $val) { - $sql = strtr($sql, array('{' . $key . '}' => $val . $key)); - } - return strtr($sql, array('{' => '' , '}' => '')); - } - } - else { - return strtr($sql, array('{' => $db_prefix , '}' => '')); + // Replace specific table prefixes first. + foreach ($this->prefixes as $key => $val) { + $sql = strtr($sql, array('{' . $key . '}' => $val . $key)); } + // Then replace remaining tables with the default prefix. + return strtr($sql, array('{' => $this->defaultPrefix , '}' => '')); } /** @@ -387,17 +410,12 @@ abstract class DatabaseConnection extends PDO { * is not used in prefixTables due to performance reasons. */ public function tablePrefix($table = 'default') { - global $db_prefix; - if (is_array($db_prefix)) { - if (isset($db_prefix[$table])) { - return $db_prefix[$table]; - } - elseif (isset($db_prefix['default'])) { - return $db_prefix['default']; - } - return ''; + if (isset($this->prefixes[$table])) { + return $this->prefixes[$table]; + } + else { + return $this->defaultPrefix; } - return $db_prefix; } /** @@ -1314,6 +1332,20 @@ abstract class Database { if (empty($value['driver'])) { $database_info[$index][$target] = $database_info[$index][$target][mt_rand(0, count($database_info[$index][$target]) - 1)]; } + + // Parse the prefix information. + if (!isset($database_info[$index][$target]['prefix'])) { + // Default to an empty prefix. + $database_info[$index][$target]['prefix'] = array( + 'default' => '', + ); + } + else if (!is_array($database_info[$index][$target]['prefix'])) { + // Transform the flat form into an array form. + $database_info[$index][$target]['prefix'] = array( + 'default' => $database_info[$index][$target]['prefix'], + ); + } } } @@ -1373,7 +1405,58 @@ abstract class Database { if (!empty(self::$databaseInfo[$key])) { return self::$databaseInfo[$key]; } + } + + /** + * Rename a connection and its corresponding connection information. + * + * @param $old_key + * The old connection key. + * @param $new_key + * The new connection key. + * @return + * TRUE in case of success, FALSE otherwise. + */ + final public static function renameConnection($old_key, $new_key) { + if (empty(self::$databaseInfo)) { + self::parseConnectionInfo(); + } + if (!empty(self::$databaseInfo[$old_key]) && empty(self::$databaseInfo[$new_key])) { + // Migrate the database connection information. + self::$databaseInfo[$new_key] = self::$databaseInfo[$old_key]; + unset(self::$databaseInfo[$old_key]); + + // Migrate over the DatabaseConnection object if it exists. + if (isset(self::$connections[$old_key])) { + self::$connections[$new_key] = self::$connections[$old_key]; + unset(self::$connections[$old_key]); + } + + return TRUE; + } + else { + return FALSE; + } + } + + /** + * Remove a connection and its corresponding connection information. + * + * @param $key + * The connection key. + * @return + * TRUE in case of success, FALSE otherwise. + */ + final public static function removeConnection($key) { + if (isset(self::$databaseInfo[$key])) { + unset(self::$databaseInfo[$key]); + unset(self::$connections[$key]); + return TRUE; + } + else { + return FALSE; + } } /** @@ -1386,8 +1469,6 @@ abstract class Database { * The database target to open. */ final protected static function openConnection($key, $target) { - global $db_prefix; - if (empty(self::$databaseInfo)) { self::parseConnectionInfo(); } @@ -1415,13 +1496,6 @@ abstract class Database { $new_connection->setLogger(self::$logs[$key]); } - // We need to pass around the simpletest database prefix in the request - // and we put that in the user_agent header. The header HMAC was already - // validated in bootstrap.inc. - if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);/", $_SERVER['HTTP_USER_AGENT'], $matches)) { - $db_prefix_string = is_array($db_prefix) ? $db_prefix['default'] : $db_prefix; - $db_prefix = $db_prefix_string . $matches[1]; - } return $new_connection; } diff --git a/includes/database/mysql/schema.inc b/includes/database/mysql/schema.inc index 6a173d4fe..7be5d0280 100644 --- a/includes/database/mysql/schema.inc +++ b/includes/database/mysql/schema.inc @@ -25,7 +25,7 @@ class DatabaseSchema_mysql extends DatabaseSchema { const COMMENT_MAX_COLUMN = 255; /** - * Get information about the table and database name from the db_prefix. + * Get information about the table and database name from the prefix. * * @return * A keyed array with information about the database, table name and prefix. diff --git a/includes/database/schema.inc b/includes/database/schema.inc index 91503002f..07212418f 100644 --- a/includes/database/schema.inc +++ b/includes/database/schema.inc @@ -170,11 +170,11 @@ abstract class DatabaseSchema implements QueryPlaceholderInterface { } /** - * Get information about the table name and schema from the db_prefix. + * Get information about the table name and schema from the prefix. * * @param * Name of table to look prefix up for. Defaults to 'default' because thats - * default key for db_prefix. + * default key for prefix. * @return * A keyed array with information about the schema, table name and prefix. */ diff --git a/includes/errors.inc b/includes/errors.inc index 1047a6665..96bf8fdb2 100644 --- a/includes/errors.inc +++ b/includes/errors.inc @@ -182,7 +182,8 @@ function _drupal_log_error($error, $fatal = FALSE) { // When running inside the testing framework, we relay the errors // to the tested site by the way of HTTP headers. - if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+;/", $_SERVER['HTTP_USER_AGENT']) && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) { + $test_info = &$GLOBALS['drupal_test_info']; + if (!empty($test_info['in_child_site']) && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) { // $number does not use drupal_static as it should not be reset // as it uniquely identifies each PHP error. static $number = 0; diff --git a/includes/install.core.inc b/includes/install.core.inc index 9a81a9b5c..e2e7752bc 100644 --- a/includes/install.core.inc +++ b/includes/install.core.inc @@ -800,7 +800,7 @@ function install_verify_completed_task() { * Verifies the existing settings in settings.php. */ function install_verify_settings() { - global $db_prefix, $databases; + global $databases; // Verify existing settings (if any). if (!empty($databases) && install_verify_pdo()) { @@ -834,7 +834,7 @@ function install_verify_pdo() { * The form API definition for the database configuration form. */ function install_settings_form($form, &$form_state, &$install_state) { - global $databases, $db_prefix; + global $databases; $profile = $install_state['parameters']['profile']; $install_locale = $install_state['parameters']['locale']; @@ -945,6 +945,10 @@ function install_settings_form($form, &$form_state, &$install_state) { * Form API validate for install_settings form. */ function install_settings_form_validate($form, &$form_state) { + // TODO: remove when PIFR will be updated to use 'db_prefix' instead of + // 'prefix' in the database settings form. + $form_state['values']['prefix'] = $form_state['values']['db_prefix']; + form_set_value($form['_database'], $form_state['values'], $form_state); $errors = install_database_errors($form_state['values'], $form_state['values']['settings_file']); foreach ($errors as $name => $message) { @@ -959,8 +963,8 @@ function install_database_errors($database, $settings_file) { global $databases; $errors = array(); // Verify the table prefix. - if (!empty($database['db_prefix']) && is_string($database['db_prefix']) && !preg_match('/^[A-Za-z0-9_.]+$/', $database['db_prefix'])) { - $errors['db_prefix'] = st('The database table prefix you have entered, %db_prefix, is invalid. The table prefix can only contain alphanumeric characters, periods, or underscores.', array('%db_prefix' => $database['db_prefix'])); + if (!empty($database['prefix']) && is_string($database['prefix']) && !preg_match('/^[A-Za-z0-9_.]+$/', $database['prefix'])) { + $errors['prefix'] = st('The database table prefix you have entered, %prefix, is invalid. The table prefix can only contain alphanumeric characters, periods, or underscores.', array('%prefix' => $database['prefix'])); } if (!empty($database['port']) && !is_numeric($database['port'])) { @@ -1000,16 +1004,12 @@ function install_database_errors($database, $settings_file) { function install_settings_form_submit($form, &$form_state) { global $install_state; - $database = array_intersect_key($form_state['values']['_database'], array_flip(array('driver', 'database', 'username', 'password', 'host', 'port'))); + $database = array_intersect_key($form_state['values']['_database'], array_flip(array('driver', 'database', 'username', 'password', 'host', 'port', 'prefix'))); // Update global settings array and save. $settings['databases'] = array( 'value' => array('default' => array('default' => $database)), 'required' => TRUE, ); - $settings['db_prefix'] = array( - 'value' => $form_state['values']['db_prefix'], - 'required' => TRUE, - ); $settings['drupal_hash_salt'] = array( 'value' => drupal_hash_base64(drupal_random_bytes(55)), 'required' => TRUE, |