Lukas Reschke
3d2600b039
Add Phan plugin to check for SQL injections
...
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Joas Schilling
15eec7b83c
Start migrations
...
Fixme:
- Install and update of apps
- No revert on live systems (debug only)
- Service adjustment to our interface
- Loading via autoloader
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:01:19 +02:00
Arthur Schiwon
18a8f3654b
fix install on mb4 enabled mariadb/mysql
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-01 13:44:18 +02:00
Thomas Müller
86ccc8949f
MySQL 4 byte is now detected during setup in any case.
...
config.sample.php was updated to explicitly state that there detection in place to set mysql.utf8mb4
2017-04-28 09:35:36 +02:00
Thomas Müller
43427e26d7
Add console command to migrate the charset
2017-04-28 09:35:36 +02:00
Thomas Müller
aa22f93018
During setup of a mysql database we try to detect if charset 'utf8mb4' can be used
2017-04-28 09:35:35 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Joas Schilling
1c0bffe87f
Fix translations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Robin Appelman
421ca6439f
use the same oci connectstring in all code paths
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-10 17:58:52 +02:00
Morris Jobke
edd55b0ea9
Use SystemConfig instead of AllConfig for DB stuff
...
* preparation for followup PRs to clean up the DB bootstrapping
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 15:53:49 -06:00
Morris Jobke
d99ce3971b
Namespace and array syntax fixes
...
* minor fixes in preparation of a bigger DB and config PR
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 14:52:54 -06:00
Morris Jobke
a4ad8af6e3
Add proper default value for datadir
...
* better safe than sorry
* fixes #3091
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-19 19:49:41 -06:00
Joas Schilling
9e95a89ab7
Merge pull request #2535 from nextcloud/allow-to-reuse-admin-as-install-name-like-on-mysql
...
Allow to reuse the same name when installing a new instance on postgres
2017-01-05 14:31:37 +01:00
Roeland Jago Douma
3714a6aaf0
Merge pull request #2670 from nextcloud/issue-2646-dont-connet-to-database-before-creating-it
...
Do not connect to database before creating it
2016-12-14 19:50:16 +01:00
Joas Schilling
9a5401ddd7
Only log as info when we can not create a new DB user
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 14:06:14 +01:00
Joas Schilling
7c061a4e06
Do not connect to database before creating it
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 13:52:04 +01:00
Joas Schilling
7293a4e5ec
Allow to reuse the same name when installing a new instance
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-12 17:28:57 +01:00
Joas Schilling
a5a35cda7c
Lower the role name before using it
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-09 16:41:01 +01:00
Joas Schilling
0d6134f512
Revert "Quote database and role in queries"
...
This reverts commit 9ebd5d5bb2
.
2016-12-09 15:36:14 +01:00
Lari Tikkanen
9ebd5d5bb2
Quote database and role in queries
...
Fixes #1793
Signed-off-by: Lari Tikkanen <lartza@outlook.com>
2016-12-07 22:12:25 +02:00
Robin Appelman
5365c1a32f
handle postgres setup when we cant connect as admin
2016-12-05 16:00:05 +01:00
Hemanth Kumar Veeranki
2b7d63f565
Added Exception catch in case of DB User exists
...
Signed-off-by: Hemanth Kumar Veeranki <hemanthveeranki@gmail.com>
2016-10-31 16:32:22 +05:30
Roeland Jago Douma
740659a04c
Move away from OC_L10N
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Thomas Müller
a7245ea082
Fixing ctor call
2016-10-19 00:15:01 +02:00
Morris Jobke
cc28f82b36
Add config option to update charset of mysql to utf8mb4
...
* fully optional
* requires additional options set in the database
2016-10-19 00:15:01 +02:00
Roeland Jago Douma
7fb88ec506
Use proper ALTER ROLE syntax
...
Fixes #1260
See https://www.postgresql.org/docs/9.0/static/sql-alterrole.html
2016-09-05 10:45:11 +02:00
Vincent Petry
aeb4011279
Fix misleading MySQL DB creation error ( #25485 )
...
Whenever the GRANT ALL failed, it used to display "Database creation
failed" which is incorrect. It's only the privleges setting that failed.
This moves the privilege setting message to DEBUG and makes it more
precise.
2016-07-27 11:45:13 +02:00
Robin Appelman
0e83f5dbd7
revert to old setup connection logic
2016-07-26 11:44:15 +02:00
Joas Schilling
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Joas Schilling
9781312648
Prevent syntax error when creating user or changing password
2016-07-18 11:44:10 +02:00
Robin Appelman
7ffda5d10f
use pdo for postgres setup
2016-07-12 14:38:24 +02:00
Robin Appelman
8a79d314cf
Remove duplicate database connect logic in mysql setup
2016-07-12 14:38:24 +02:00
Thomas Pulzer
0638937ada
Changed the input option for database-port to required when parameter was provided.
...
Added casting database port to int for input sanitation in pgsql and oci connections.
2016-07-06 11:31:28 +02:00
Thomas Pulzer
d367318088
Added occ install option for database-port.
...
Extended the database setup to store the database port.
Changed the PostgreSQL connection error message for clarification.
2016-07-06 09:58:38 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Roeland Jago Douma
479245a301
Move \OC\Repair to PSR-4
2016-04-22 13:00:41 +02:00