Beispiel #1
 /**
  * Build the loader from one or more template directories.
  *
  * Each entry of $paths is passed through $filesystem->realpath() and the
  * resulting list is handed to the parent constructor.
  *
  * NOTE(review): the realpath() result is forwarded unchecked. If this
  * filesystem implementation signals failure with false (TODO confirm),
  * that value reaches the parent loader as a "path"; callers should only
  * pass directories that exist.
  *
  * @param filesystem_interface $filesystem Used to resolve every path
  * @param string|array         $paths      A single path or a list of paths
  */
 public function __construct(filesystem_interface $filesystem, $paths = [])
 {
     // array_values() mirrors the re-indexing the append-in-a-loop form performs
     $resolved = array_map(
         function ($path) use ($filesystem) {
             return $filesystem->realpath($path);
         },
         array_values((array) $paths)
     );
     parent::__construct($resolved);
 }
Beispiel #2
 /**
  * Load the routing files into the route collection (once)
  *
  * When a non-empty route collection is already present nothing is loaded.
  * Otherwise a fresh RouteCollection is created and every entry of
  * $this->routing_files is loaded through a YamlFileLoader whose FileLocator
  * is rooted at the resolved $base_path.
  *
  * NOTE(review): the result of realpath($base_path) is passed to FileLocator
  * without a check; confirm what the locator does when resolution fails.
  *
  * @param string $base_path Base path to prepend to file paths
  * @return $this
  */
 public function find($base_path = '')
 {
     $existing = $this->route_collection;
     if ($existing !== null && $existing->count() !== 0) {
         // Routes were loaded before, keep them
         return $this;
     }
     $this->route_collection = new RouteCollection();
     foreach ($this->routing_files as $routing_file) {
         $locator = new FileLocator($this->filesystem->realpath($base_path));
         $yaml_loader = new YamlFileLoader($locator);
         $this->route_collection->addCollection($yaml_loader->load($routing_file));
     }
     return $this;
 }
Beispiel #3
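 /**
  * Find the template
  *
  * Override for Twig_Loader_Filesystem::findTemplate to add support
  * for loading from safe directories.
  *
  * A template that the parent loader rejects as "outside configured
  * directories" is still accepted when the real path of its directory is one
  * of $this->safe_directories or lies below one of them. The containment test
  * requires a path separator (or the end of the string) right after the safe
  * directory, so a sibling such as "<safe>_backup" is not treated as being
  * inside "<safe>". Empty or non-string entries in the safe list are ignored,
  * because an empty prefix would match every path.
  *
  * NOTE(review): the branch is selected by comparing the start of the Twig
  * exception message; a Twig release that rewords the message turns the safe
  * directory support off (fails closed).
  *
  * @param string $name Template name
  * @return string Path of the template file
  * @throws \Twig_Error_Loader When the name is invalid and the file is not
  *                            inside a safe directory
  */
 protected function findTemplate($name)
 {
     $name = (string) $name;
     // normalize name
     $name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
     // If this is in the cache we can skip the entire process below
     // as it should have already been validated
     if (isset($this->cache[$name])) {
         return $this->cache[$name];
     }
     // First, find the template file. Per the original comment, this class
     // overrides validateName so the parent lookup does not validate here
     $file = parent::findTemplate($name);
     try {
         // Try validating the name (which may throw an exception)
         parent::validateName($name);
     } catch (\Twig_Error_Loader $e) {
         if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0) {
             // Outside of the configured template directories: check whether
             // the real directory of the file is within a "safe" directory
             $directory = $this->filesystem->realpath(dirname($file));
             if ($directory === false) {
                 // Some sort of error finding the actual path, must throw the exception
                 throw $e;
             }
             $separators = '/' . DIRECTORY_SEPARATOR;
             foreach ($this->safe_directories as $safe_directory) {
                 if (!is_string($safe_directory) || $safe_directory === '') {
                     // An unresolved or empty entry must never act as a prefix
                     continue;
                 }
                 $safe_directory = rtrim($safe_directory, $separators);
                 $length = strlen($safe_directory);
                 if (strncmp($directory, $safe_directory, $length) !== 0) {
                     continue;
                 }
                 // The match has to end on a directory boundary
                 $boundary = (string) substr($directory, $length, 1);
                 if ($boundary === '' || $boundary === '/' || $boundary === DIRECTORY_SEPARATOR) {
                     return $file;
                 }
             }
         }
         // Not within any safe directories
         throw $e;
     }
     // No exception from validateName, safe to load.
     return $file;
 }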
Beispiel #4
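 /**
  * Check if the user provided database parameters are correct
  *
  * This function checks the database connection data and also checks for
  * any other problems that could cause an error during the installation,
  * such as conflicting database table names or an unsupported server version.
  *
  * Note: The function assumes that $table_prefix has been already validated
  * with validate_table_prefix().
  *
  * For the 'sqlite' schema the resolved database path is compared with the
  * resolved board root, because a database file stored below the board root
  * could end up being served by the web server. The comparison is a
  * case-insensitive string prefix test, so a sibling directory whose name
  * merely starts with the root path is rejected as well (fails closed).
  *
  * NOTE(review): $dbms is used as a key into the get_available_dbms() result
  * without an existence check; confirm callers only pass supported values.
  *
  * @param string	$dbms			Selected database type
  * @param string	$dbhost			Database host address
  * @param int		$dbport			Database port number
  * @param string	$dbuser			Database username
  * @param string	$dbpass			Database password
  * @param string	$dbname			Database name
  * @param string	$table_prefix	Database table prefix
  *
  * @return array|bool	Returns true if test is successful, array of errors otherwise
  */
 public function check_database_connection($dbms, $dbhost, $dbport, $dbuser, $dbpass, $dbname, $table_prefix)
 {
     $dbms_info = $this->get_available_dbms($dbms);
     $dbms_info = $dbms_info[$dbms];
     $errors = array();
     // The driver class name is taken from the get_available_dbms() entry,
     // not from the raw $dbms string. Instantiate it and set return on error true
     $driver_class = $dbms_info['DRIVER'];
     /** @var \phpbb\db\driver\driver_interface $db */
     $db = new $driver_class();
     $db->sql_return_on_error(true);
     // Check that we actually have a database name before going any further
     if (!in_array($dbms_info['SCHEMA'], array('sqlite', 'oracle'), true) && $dbname === '') {
         $errors[] = array('title' => 'INST_ERR_DB_NO_NAME');
     }
     // Refuse an SQLite database file that lives below the board root.
     // The "=== 0" has to apply to the stripos() result; placed inside the
     // call it became the needle and this check could never fire.
     if ($dbms_info['SCHEMA'] === 'sqlite') {
         $db_path = $this->filesystem->realpath($dbhost);
         $root_path = $this->filesystem->realpath($this->phpbb_root_path);
         // Unresolved paths are skipped: an empty needle would match anything
         if (is_string($db_path) && is_string($root_path) && $root_path !== '' && stripos($db_path, $root_path) === 0) {
             $errors[] = array('title' => 'INST_ERR_DB_FORUM_PATH');
         }
     }
     // Try to connect to db
     if (is_array($db->sql_connect($dbhost, $dbuser, $dbpass, $dbname, $dbport, false, true))) {
         $db_error = $db->sql_error();
         $errors[] = array('title' => 'INST_ERR_DB_CONNECT', 'description' => $db_error['message'] ? utf8_convert_message($db_error['message']) : 'INST_ERR_DB_NO_ERROR');
     } else {
         // Check if there is any table name collisions
         $temp_prefix = strtolower($table_prefix);
         $table_ary = array($temp_prefix . 'attachments', $temp_prefix . 'config', $temp_prefix . 'sessions', $temp_prefix . 'topics', $temp_prefix . 'users');
         $db_tools_factory = new \phpbb\db\tools\factory();
         $db_tools = $db_tools_factory->get($db);
         $tables = array_map('strtolower', $db_tools->sql_list_tables());
         if (count(array_intersect($tables, $table_ary)) > 0) {
             $errors[] = array('title' => 'INST_ERR_PREFIX');
         }
         // Check if database version is supported
         switch ($dbms) {
             case 'mysqli':
                 if (version_compare($db->sql_server_info(true), '4.1.3', '<')) {
                     $errors[] = array('title' => 'INST_ERR_DB_NO_MYSQLI');
                 }
                 break;
             case 'sqlite':
                 if (version_compare($db->sql_server_info(true), '2.8.2', '<')) {
                     $errors[] = array('title' => 'INST_ERR_DB_NO_SQLITE');
                 }
                 break;
             case 'sqlite3':
                 if (version_compare($db->sql_server_info(true), '3.6.15', '<')) {
                     $errors[] = array('title' => 'INST_ERR_DB_NO_SQLITE3');
                 }
                 break;
             case 'oracle':
                 $sql = "SELECT *\n\t\t\t\t\t\tFROM NLS_DATABASE_PARAMETERS\n\t\t\t\t\t\tWHERE PARAMETER = 'NLS_RDBMS_VERSION'\n\t\t\t\t\t\t\tOR PARAMETER = 'NLS_CHARACTERSET'";
                 $result = $db->sql_query($sql);
                 // Defaults keep the comparison below defined when a row is missing
                 $stats = array('NLS_RDBMS_VERSION' => '', 'NLS_CHARACTERSET' => '');
                 while ($row = $db->sql_fetchrow($result)) {
                     $stats[$row['parameter']] = $row['value'];
                 }
                 $db->sql_freeresult($result);
                 if (version_compare($stats['NLS_RDBMS_VERSION'], '9.2', '<') && $stats['NLS_CHARACTERSET'] !== 'UTF8') {
                     $errors[] = array('title' => 'INST_ERR_DB_NO_ORACLE');
                 }
                 break;
             case 'postgres':
                 $sql = "SHOW server_encoding;";
                 $result = $db->sql_query($sql);
                 $row = $db->sql_fetchrow($result);
                 $db->sql_freeresult($result);
                 // A failed query yields no row; treat that as an unsupported encoding
                 $server_encoding = (is_array($row) && isset($row['server_encoding'])) ? $row['server_encoding'] : '';
                 if ($server_encoding !== 'UNICODE' && $server_encoding !== 'UTF8') {
                     $errors[] = array('title' => 'INST_ERR_DB_NO_POSTGRES');
                 }
                 break;
         }
     }
     return empty($errors) ? true : $errors;
 }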