/**
 * Build the locator from paths resolved through the given filesystem service.
 *
 * Every entry of $paths is passed through $filesystem->realpath() and the
 * results are handed to the parent constructor as a re-indexed list, in the
 * same order as they were supplied.
 *
 * @param filesystem_interface	$filesystem	Service used to resolve each path
 * @param string|array			$paths		A single path or a list of paths
 */
public function __construct(filesystem_interface $filesystem, $paths = [])
{
	$resolve = function ($path) use ($filesystem)
	{
		return $filesystem->realpath($path);
	};

	// NOTE(review): the realpath() results are forwarded unchecked. If
	// realpath() can report failure with a non-string value (not visible in
	// this block), that value reaches the parent as a search path - confirm
	// the parent tolerates it or filter unresolved entries here.
	$absolute_paths = array_values(array_map($resolve, (array) $paths));

	parent::__construct($absolute_paths);
}
/**
 * Find a list of controllers
 *
 * The route collection is (re)built from $this->routing_files only when it
 * has not been created yet or currently holds no routes; otherwise the
 * existing collection is kept untouched.
 *
 * @param string $base_path Base path to prepend to file paths
 * @return router
 */
public function find($base_path = '')
{
	$has_routes = $this->route_collection !== null && $this->route_collection->count() !== 0;

	if ($has_routes)
	{
		// Already populated, nothing to load
		return $this;
	}

	$this->route_collection = new RouteCollection();

	foreach ($this->routing_files as $routing_file)
	{
		// A locator/loader pair is created for every routing file.
		// NOTE(review): the realpath() result is passed on without a failure
		// check - confirm what the locator does with an unresolved base path.
		$locator = new FileLocator($this->filesystem->realpath($base_path));
		$yaml_loader = new YamlFileLoader($locator);

		$this->route_collection->addCollection($yaml_loader->load($routing_file));
	}

	return $this;
}
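/**
 * Find the template
 *
 * Override for Twig_Loader_Filesystem::findTemplate to add support
 * for loading from safe directories.
 *
 * A template that the parent's validateName() rejects as being outside the
 * configured directories is still accepted when the resolved directory of
 * the file is one of $this->safe_directories or lies below one of them.
 * The comparison is made on whole path components, so a sibling directory
 * that merely shares a name prefix with a safe directory is not accepted.
 *
 * @param string $name Template name
 * @return string Value produced by the parent loader for this template
 *				(or the cached entry for the normalized name)
 * @throws \Twig_Error_Loader When the name fails validation and the file
 *				is not located inside a safe directory
 */
protected function findTemplate($name)
{
	$name = (string) $name;

	// normalize name
	$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));

	// If this is in the cache we can skip the entire process below
	// as it should have already been validated
	if (isset($this->cache[$name]))
	{
		return $this->cache[$name];
	}

	// First, find the template name. The override above of validateName
	// causes the validateName process to be skipped for this call
	$file = parent::findTemplate($name);

	try
	{
		// Try validating the name (which may throw an exception)
		parent::validateName($name);
	}
	catch (\Twig_Error_Loader $e)
	{
		// NOTE(review): this branch is keyed on the wording of the parent's
		// error message. If that wording changes, the safe directory
		// fallback stops applying and the exception is rethrown (fails closed).
		if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
		{
			// Ok, so outside of the configured template directories, we
			// can now check if we're within a "safe" directory

			// Find the real path of the directory the file is in
			$directory = $this->filesystem->realpath(dirname($file));

			if (!is_string($directory) || $directory === '')
			{
				// Some sort of error finding the actual path, must throw the exception
				throw $e;
			}

			foreach ($this->safe_directories as $safe_directory)
			{
				// An empty or non-string entry must never act as a
				// match-everything prefix.
				if (!is_string($safe_directory) || $safe_directory === '')
				{
					continue;
				}

				// Compare without trailing separators so that entries stored
				// with or without one behave the same.
				$safe_root = rtrim($safe_directory, '/' . DIRECTORY_SEPARATOR);
				$root_length = strlen($safe_root);

				if (strncmp($directory, $safe_root, $root_length) !== 0)
				{
					continue;
				}

				// The file sits directly in the safe directory.
				if (strlen($directory) === $root_length)
				{
					return $file;
				}

				// A plain string-prefix test would also accept a sibling such as
				// "<safe>_other"; require a path separator right after the
				// prefix so only real descendants match.
				$boundary = $directory[$root_length];

				if ($boundary === '/' || $boundary === DIRECTORY_SEPARATOR)
				{
					// The directory being loaded is below a directory
					// that is "safe". We're good to load it!
					return $file;
				}
			}
		}

		// Not within any safe directories
		throw $e;
	}

	// No exception from validateName, safe to load.
	return $file;
}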
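/**
 * Check if the user provided database parameters are correct
 *
 * This function checks the database connection data and also checks for
 * any other problems that could cause an error during the installation
 * such as if there is any database table names conflicting.
 *
 * Note: The function assumes that $table_prefix has been already validated
 * with validate_table_prefix().
 *
 * @param string	$dbms			Selected database type
 * @param string	$dbhost			Database host address
 * @param int		$dbport			Database port number
 * @param string	$dbuser			Database username
 * @param string	$dbpass			Database password
 * @param string	$dbname			Database name
 * @param string	$table_prefix	Database table prefix
 *
 * @return array|bool	Returns true if test is successful, array of errors otherwise
 */
public function check_database_connection($dbms, $dbhost, $dbport, $dbuser, $dbpass, $dbname, $table_prefix)
{
	$dbms_info = $this->get_available_dbms($dbms);
	$dbms_info = $dbms_info[$dbms];
	$errors = array();

	// Instantiate it and set return on error true
	// NOTE(review): the driver class name comes from the get_available_dbms()
	// entry for $dbms - presumably a fixed list; confirm $dbms cannot select
	// an arbitrary class.
	/** @var \phpbb\db\driver\driver_interface $db */
	$db = new $dbms_info['DRIVER']();
	$db->sql_return_on_error(true);

	// Check that we actually have a database name before going any further
	if (!in_array($dbms_info['SCHEMA'], array('sqlite', 'oracle'), true) && $dbname === '')
	{
		$errors[] = array('title' => 'INST_ERR_DB_NO_NAME');
	}

	// Make sure we don't have a daft user who thinks having the SQLite database in the forum directory is a good idea
	if ($dbms_info['SCHEMA'] === 'sqlite')
	{
		$db_path = $this->filesystem->realpath($dbhost);
		$root_path = $this->filesystem->realpath($this->phpbb_root_path);

		// The "=== 0" has to apply to the stripos() result. It used to sit
		// inside the call, which turned the needle into a boolean and meant
		// this error could never be reported.
		// NOTE(review): if realpath() fails for a database file that does not
		// exist yet, the check is skipped - confirm whether the parent
		// directory should be resolved instead.
		if (is_string($db_path) && is_string($root_path) && $root_path !== '' && stripos($db_path, $root_path) === 0)
		{
			$errors[] = array('title' => 'INST_ERR_DB_FORUM_PATH');
		}
	}

	// Try to connect to db
	if (is_array($db->sql_connect($dbhost, $dbuser, $dbpass, $dbname, $dbport, false, true)))
	{
		$db_error = $db->sql_error();
		$errors[] = array(
			'title'			=> 'INST_ERR_DB_CONNECT',
			'description'	=> $db_error['message'] ? utf8_convert_message($db_error['message']) : 'INST_ERR_DB_NO_ERROR',
		);
	}
	else
	{
		// Check if there is any table name collisions
		$temp_prefix = strtolower($table_prefix);
		$table_ary = array(
			$temp_prefix . 'attachments',
			$temp_prefix . 'config',
			$temp_prefix . 'sessions',
			$temp_prefix . 'topics',
			$temp_prefix . 'users',
		);

		$db_tools_factory = new \phpbb\db\tools\factory();
		$db_tools = $db_tools_factory->get($db);
		$tables = $db_tools->sql_list_tables();
		$tables = array_map('strtolower', $tables);
		$table_intersect = array_intersect($tables, $table_ary);

		if (count($table_intersect))
		{
			$errors[] = array('title' => 'INST_ERR_PREFIX');
		}

		// Check if database version is supported
		switch ($dbms)
		{
			case 'mysqli':
				if (version_compare($db->sql_server_info(true), '4.1.3', '<'))
				{
					$errors[] = array('title' => 'INST_ERR_DB_NO_MYSQLI');
				}
			break;

			case 'sqlite':
				if (version_compare($db->sql_server_info(true), '2.8.2', '<'))
				{
					$errors[] = array('title' => 'INST_ERR_DB_NO_SQLITE');
				}
			break;

			case 'sqlite3':
				if (version_compare($db->sql_server_info(true), '3.6.15', '<'))
				{
					$errors[] = array('title' => 'INST_ERR_DB_NO_SQLITE3');
				}
			break;

			case 'oracle':
				$sql = "SELECT *\n\t\t\t\t\t\tFROM NLS_DATABASE_PARAMETERS\n\t\t\t\t\t\tWHERE PARAMETER = 'NLS_RDBMS_VERSION'\n\t\t\t\t\t\t\tOR PARAMETER = 'NLS_CHARACTERSET'";
				$result = $db->sql_query($sql);

				// Start from an empty map so a query that yields no rows
				// does not leave $stats undefined.
				$stats = array();
				while ($row = $db->sql_fetchrow($result))
				{
					$stats[$row['parameter']] = $row['value'];
				}
				$db->sql_freeresult($result);

				// A missing parameter is treated as an empty value, which
				// fails both comparisons below just as an unset key did.
				$oracle_version = isset($stats['NLS_RDBMS_VERSION']) ? $stats['NLS_RDBMS_VERSION'] : '';
				$oracle_charset = isset($stats['NLS_CHARACTERSET']) ? $stats['NLS_CHARACTERSET'] : '';

				// NOTE(review): the error is raised only when BOTH conditions
				// hold - confirm that && (not ||) is intended.
				if (version_compare($oracle_version, '9.2', '<') && $oracle_charset !== 'UTF8')
				{
					$errors[] = array('title' => 'INST_ERR_DB_NO_ORACLE');
				}
			break;

			case 'postgres':
				$sql = "SHOW server_encoding;";
				$result = $db->sql_query($sql);
				$row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if ($row['server_encoding'] !== 'UNICODE' && $row['server_encoding'] !== 'UTF8')
				{
					$errors[] = array('title' => 'INST_ERR_DB_NO_POSTGRES');
				}
			break;
		}
	}

	return empty($errors) ? true : $errors;
}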