Commit Graph

37 Commits

Author SHA1 Message Date
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Joas Schilling 15eec7b83c Start migrations
Fixme:
- Install and update of apps
- No revert on live systems (debug only)
- Service adjustment to our interface
- Loading via autoloader

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:01:19 +02:00
Arthur Schiwon 18a8f3654b
fix install on mb4 enabled mariadb/mysql
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-01 13:44:18 +02:00
Thomas Müller 86ccc8949f
MySQL 4 byte is now detected during setup in any case.
config.sample.php was updated to explicitly state that there detection in place to set mysql.utf8mb4
2017-04-28 09:35:36 +02:00
Thomas Müller 43427e26d7
Add console command to migrate the charset 2017-04-28 09:35:36 +02:00
Thomas Müller aa22f93018
During setup of a mysql database we try to detect if charset 'utf8mb4' can be used 2017-04-28 09:35:35 +02:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Joas Schilling 1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Robin Appelman 421ca6439f
use the same oci connectstring in all code paths
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-10 17:58:52 +02:00
Morris Jobke edd55b0ea9
Use SystemConfig instead of AllConfig for DB stuff
* preparation for followup PRs to clean up the DB bootstrapping

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 15:53:49 -06:00
Morris Jobke d99ce3971b
Namespace and array syntax fixes
* minor fixes in preparation of a bigger DB and config PR

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 14:52:54 -06:00
Morris Jobke a4ad8af6e3
Add proper default value for datadir
* better safe than sorry
* fixes #3091

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-19 19:49:41 -06:00
Joas Schilling 9e95a89ab7 Merge pull request #2535 from nextcloud/allow-to-reuse-admin-as-install-name-like-on-mysql
Allow to reuse the same name when installing a new instance on postgres
2017-01-05 14:31:37 +01:00
Roeland Jago Douma 3714a6aaf0 Merge pull request #2670 from nextcloud/issue-2646-dont-connet-to-database-before-creating-it
Do not connect to database before creating it
2016-12-14 19:50:16 +01:00
Joas Schilling 9a5401ddd7
Only log as info when we can not create a new DB user
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 14:06:14 +01:00
Joas Schilling 7c061a4e06
Do not connect to database before creating it
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 13:52:04 +01:00
Joas Schilling 7293a4e5ec
Allow to reuse the same name when installing a new instance
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-12 17:28:57 +01:00
Joas Schilling a5a35cda7c
Lower the role name before using it
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-09 16:41:01 +01:00
Joas Schilling 0d6134f512
Revert "Quote database and role in queries"
This reverts commit 9ebd5d5bb2.
2016-12-09 15:36:14 +01:00
Lari Tikkanen 9ebd5d5bb2 Quote database and role in queries
Fixes #1793
Signed-off-by: Lari Tikkanen <lartza@outlook.com>
2016-12-07 22:12:25 +02:00
Robin Appelman 5365c1a32f
handle postgres setup when we cant connect as admin 2016-12-05 16:00:05 +01:00
Hemanth Kumar Veeranki 2b7d63f565 Added Exception catch in case of DB User exists
Signed-off-by: Hemanth Kumar Veeranki <hemanthveeranki@gmail.com>
2016-10-31 16:32:22 +05:30
Roeland Jago Douma 740659a04c
Move away from OC_L10N
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Thomas Müller a7245ea082
Fixing ctor call 2016-10-19 00:15:01 +02:00
Morris Jobke cc28f82b36
Add config option to update charset of mysql to utf8mb4
* fully optional
* requires additional options set in the database
2016-10-19 00:15:01 +02:00
Roeland Jago Douma 7fb88ec506
Use proper ALTER ROLE syntax
Fixes #1260

See https://www.postgresql.org/docs/9.0/static/sql-alterrole.html
2016-09-05 10:45:11 +02:00
Vincent Petry aeb4011279
Fix misleading MySQL DB creation error (#25485)
Whenever the GRANT ALL failed, it used to display "Database creation
failed" which is incorrect. It's only the privleges setting that failed.

This moves the privilege setting message to DEBUG and makes it more
precise.
2016-07-27 11:45:13 +02:00
Robin Appelman 0e83f5dbd7 revert to old setup connection logic 2016-07-26 11:44:15 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Joas Schilling 9781312648
Prevent syntax error when creating user or changing password 2016-07-18 11:44:10 +02:00
Robin Appelman 7ffda5d10f use pdo for postgres setup 2016-07-12 14:38:24 +02:00
Robin Appelman 8a79d314cf Remove duplicate database connect logic in mysql setup 2016-07-12 14:38:24 +02:00
Thomas Pulzer 0638937ada Changed the input option for database-port to required when parameter was provided.
Added casting database port to int for input sanitation in pgsql and oci connections.
2016-07-06 11:31:28 +02:00
Thomas Pulzer d367318088 Added occ install option for database-port.
Extended the database setup to store the database port.
Changed the PostgreSQL connection error message for clarification.
2016-07-06 09:58:38 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma 479245a301
Move \OC\Repair to PSR-4 2016-04-22 13:00:41 +02:00