fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-2411

Browse Source 
ProcessMaker doesn't install if the MySQL root password contains a character which isn't a letter or number
This commit is contained in:
dheeyi william
2016-12-20 12:35:10 -04:00
parent 7bb60d4b42
commit b0fe6b8210
3 changed files with 67 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
gulliver/thirdparty/creole/Creole.php vendored
View File

@@ -189,14 +189,14 @@ class Creole {
trigger_error("The Creole::NO_ASSOC_LOWER flag has been deprecated, and is now the default behavior. Use Creole::COMPAT_ASSOC_LOWER to lowercase resulset keys.", E_USER_WARNING);
}
if(!class_exists('G')){
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
$docuroot = explode( '/', $realdocuroot );
array_pop( $docuroot );
$pathhome = implode( '/', $docuroot ) . '/';
array_pop( $docuroot );
$pathTrunk = implode( '/', $docuroot ) . '/';
require_once($pathTrunk.'gulliver/system/class.g.php');
if (!class_exists('G')) {
$realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
$docuroot = explode('/', $realdocuroot);
array_pop($docuroot);
$pathhome = implode('/', $docuroot) . '/';
array_pop($docuroot);
$pathTrunk = implode('/', $docuroot) . '/';
require_once($pathTrunk . 'gulliver/system/class.g.php');
}
// sort $dsninfo by keys so the serialized result is always the same
// for identical connection parameters, no matter what their order is
@@ -309,7 +309,7 @@ class Creole {
);
$info = parse_url($dsn);
$info['pass'] = urldecode($info['pass']);
if (count($info) === 1) { // if there's only one element in result, then it must be the phptype
$parsed['phptype'] = array_pop($info);
return $parsed;

6
workflow/engine/config/databases.php
View File

@@ -31,13 +31,13 @@ if (defined('PATH_DB') && defined('SYS_SYS')) {
require_once(PATH_DB . SYS_SYS . '/db.php');
//to do: enable for other databases
$dbType = DB_ADAPTER;
$dsn = DB_ADAPTER . '://' . DB_USER . ':' . DB_PASS . '@' . DB_HOST . '/' . DB_NAME;
$dsn = DB_ADAPTER . '://' . DB_USER . ':' . urlencode(DB_PASS) . '@' . DB_HOST . '/' . DB_NAME;
//to do: enable a mechanism to select RBAC Database
$dsnRbac = DB_ADAPTER . '://' . DB_RBAC_USER . ':' . DB_RBAC_PASS . '@' . DB_RBAC_HOST . '/' . DB_RBAC_NAME;
$dsnRbac = DB_ADAPTER . '://' . DB_RBAC_USER . ':' . urlencode(DB_RBAC_PASS) . '@' . DB_RBAC_HOST . '/' . DB_RBAC_NAME;
//to do: enable a mechanism to select report Database
$dsnReport = DB_ADAPTER . '://' . DB_REPORT_USER . ':' . DB_REPORT_PASS . '@' . DB_REPORT_HOST . '/' . DB_REPORT_NAME;
$dsnReport = DB_ADAPTER . '://' . DB_REPORT_USER . ':' . urlencode(DB_REPORT_PASS) . '@' . DB_REPORT_HOST . '/' . DB_REPORT_NAME;
switch (DB_ADAPTER) {
case 'mysql':

120
workflow/engine/controllers/installer.php
View File

@@ -679,8 +679,8 @@ class Installer extends Controller
$db_port = $filter->validateInput($db_port);
$db_username = trim( $_REQUEST['db_username'] );
$db_username = $filter->validateInput($db_username);
$db_password = trim( $_REQUEST['db_password'] );
$db_password = $filter->validateInput($db_password);
$db_password = urlencode(trim($_REQUEST['db_password']));
$db_password = urldecode($filter->validateInput($db_password));
$wf = trim( $_REQUEST['wfDatabase'] );
$rb = trim( $_REQUEST['wfDatabase'] );
$rp = trim( $_REQUEST['wfDatabase'] );
@@ -707,9 +707,6 @@ class Installer extends Controller
try {
$db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
$db_host = $filter->validateInput($db_host);
$db_username = $filter->validateInput($db_username);
$db_password = $filter->validateInput($db_password);
$this->link = @mysql_connect( $db_host, $db_username, $db_password );
$this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array($db_hostname, $db_port, $db_username ) ));
@@ -1023,8 +1020,8 @@ class Installer extends Controller
$db_port = $filter->validateInput($db_port);
$db_username = trim( $_REQUEST['db_username'] );
$db_username = $filter->validateInput($db_username);
$db_password = trim( $_REQUEST['db_password'] );
$db_password = $filter->validateInput($db_password);
$db_password = urlencode(trim($_REQUEST['db_password']));
$db_password = urldecode($filter->validateInput($db_password));
$wf = trim( $_REQUEST['wfDatabase'] );
$rb = trim( $_REQUEST['wfDatabase'] );
$rp = trim( $_REQUEST['wfDatabase'] );
@@ -1047,9 +1044,6 @@ class Installer extends Controller
try {
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$db_host = $filter->validateInput($db_host);
$db_username = $filter->validateInput($db_username);
$db_password = $filter->validateInput($db_password);
$this->link = @mssql_connect( $db_host, $db_username, $db_password );
$this->installLog( G::LoadTranslation('ID_CONNECT_TO_SERVER', SYS_LANG, Array( $db_hostname, $db_port, $db_username )) );
@@ -1243,7 +1237,8 @@ class Installer extends Controller
if ($_REQUEST['db_engine'] == 'mysql') {
$db_hostname = $filter->validateInput($_REQUEST['db_hostname']);
$db_username = $filter->validateInput($_REQUEST['db_username']);
$db_password = $filter->validateInput($_REQUEST['db_password']);
$db_password = urlencode($_REQUEST['db_password']);
$db_password = urldecode($filter->validateInput($db_password));
$db_port = $filter->validateInput($_REQUEST['db_port']);
if($db_port != "3306"){
$db_hostname = $db_hostname.":".$db_port;
@@ -1287,35 +1282,33 @@ class Installer extends Controller
* Privates functions section, non callable by http request
*/
private function testMySQLconnection ()
private function testMySQLconnection()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$info = new StdClass();
$info->result = false;
$info->message = '';
if (! function_exists( "mysql_connect" )) {
if (!function_exists("mysql_connect")) {
$info->message = G::LoadTranslation('ID_PHP_MYSQL_NOT _INSTALL');
return $info;
}
$db_hostname = $_REQUEST['db_hostname'];
$db_hostname = $filter->validateInput($db_hostname);
$db_port = $_REQUEST['db_port'];
$db_port = $filter->validateInput($db_port);
$db_username = $_REQUEST['db_username'];
$db_username = $filter->validateInput($db_username);
$db_password = $_REQUEST['db_password'];
$db_password = $filter->validateInput($db_password);
$fp = @fsockopen( $db_hostname, $db_port, $errno, $errstr, 30 );
if (! $fp) {
$dataRequest = $_REQUEST;
$db_hostname = $filter->validateInput($dataRequest['db_hostname']);
$db_port = $filter->validateInput($dataRequest['db_port']);
$db_username = $filter->validateInput($dataRequest['db_username']);
$db_password = urlencode($dataRequest['db_password']);
$db_password = urldecode($filter->validateInput($db_password));
$fp = @fsockopen($db_hostname, $db_port, $errno, $errstr, 30);
if (!$fp) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR', SYS_LANG, Array("$errstr ($errno)"));
return $info;
}
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mysql_connect( $db_host, $db_username, $db_password );
if (! $link) {
$link = @mysql_connect($db_host, $db_username, $db_password);
if (!$link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
return $info;
}
@@ -1323,12 +1316,12 @@ class Installer extends Controller
$db_hostname = $filter->validateInput($db_hostname, 'nosql');
$query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%%'\") ";
$query = $filter->preventSqlInjection($query, array($db_username, $db_hostname, $db_username));
$res = @mysql_query( $query, $link );
$row = @mysql_fetch_array( $res );
$hasSuper = is_array( $row );
@mysql_free_result( $res );
@mysql_close( $link );
if (! $hasSuper) {
$res = @mysql_query($query, $link);
$row = @mysql_fetch_array($res);
$hasSuper = is_array($row);
@mysql_free_result($res);
@mysql_close($link);
if (!$hasSuper) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR_PRIVILEGE', SYS_LANG, Array($db_username));
return $info;
}
@@ -1337,7 +1330,7 @@ class Installer extends Controller
return $info;
}
private function testMSSQLconnection ()
private function testMSSQLconnection()
{
G::LoadSystem('inputfilter');
$filter = new InputFilter();
@@ -1345,30 +1338,27 @@ class Installer extends Controller
$info->result = false;
$info->message = '';
if (! function_exists( "mssql_connect" )) {
if (!function_exists("mssql_connect")) {
$info->message = G::LoadTranslation('ID_PHP_MSSQL_NOT_INSTALLED');
return $info;
}
$dataRequest = $_REQUEST;
$db_hostname = $filter->validateInput($dataRequest['db_hostname']);
$db_port = $filter->validateInput($dataRequest['db_port']);
$db_username = $filter->validateInput($dataRequest['db_username']);
$db_password = urlencode($dataRequest['db_password']);
$db_password = urldecode($filter->validateInput($db_password));
$db_hostname = $_REQUEST['db_hostname'];
$db_hostname = $filter->validateInput($db_hostname);
$db_port = $_REQUEST['db_port'];
$db_port = $filter->validateInput($db_port);
$db_username = $_REQUEST['db_username'];
$db_username = $filter->validateInput($db_username);
$db_password = $_REQUEST['db_password'];
$db_password = $filter->validateInput($db_password);
$fp = @fsockopen( $db_hostname, $db_port, $errno, $errstr, 30 );
if (! $fp) {
$fp = @fsockopen($db_hostname, $db_port, $errno, $errstr, 30);
if (!$fp) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR', SYS_LANG, Array("$errstr ($errno)"));
return $info;
}
$db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
$link = @mssql_connect( $db_host, $db_username, $db_password );
if (! $link) {
$link = @mssql_connect($db_host, $db_username, $db_password);
if (!$link) {
$info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
return $info;
}
@@ -1378,38 +1368,38 @@ class Installer extends Controller
$hasSecurityAdmin = false;
$hasSysAdmin = false;
$res = @mssql_query( "EXEC sp_helpsrvrolemember 'dbcreator' ", $link );
$row = mssql_fetch_array( $res );
while (is_array( $row )) {
$res = @mssql_query("EXEC sp_helpsrvrolemember 'dbcreator' ", $link);
$row = mssql_fetch_array($res);
while (is_array($row)) {
if ($row['MemberName'] == $db_username) {
$hasDbCreator = true;
}
$row = mssql_fetch_array( $res );
$row = mssql_fetch_array($res);
}
mssql_free_result( $res );
mssql_free_result($res);
$res = @mssql_query( "EXEC sp_helpsrvrolemember 'sysadmin' ", $link );
$row = mssql_fetch_array( $res );
while (is_array( $row )) {
$res = @mssql_query("EXEC sp_helpsrvrolemember 'sysadmin' ", $link);
$row = mssql_fetch_array($res);
while (is_array($row)) {
if ($row['MemberName'] == $db_username) {
$hasSysAdmin = true;
}
$row = mssql_fetch_array( $res );
$row = mssql_fetch_array($res);
}
mssql_free_result( $res );
mssql_free_result($res);
$res = @mssql_query( "EXEC sp_helpsrvrolemember 'SecurityAdmin' ", $link );
$row = mssql_fetch_array( $res );
while (is_array( $row )) {
$res = @mssql_query("EXEC sp_helpsrvrolemember 'SecurityAdmin' ", $link);
$row = mssql_fetch_array($res);
while (is_array($row)) {
if ($row['MemberName'] == $db_username) {
$hasSecurityAdmin = true;
}
$row = mssql_fetch_array( $res );
$row = mssql_fetch_array($res);
}
mssql_free_result( $res );
mssql_free_result($res);
if (! ($hasSysAdmin || ($hasSecurityAdmin && $hasDbCreator))) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR_SECURITYADMIN', SYS_LANG, Array($db_username) );
if (!($hasSysAdmin || ($hasSecurityAdmin && $hasDbCreator))) {
$info->message .= G::LoadTranslation('ID_CONNECTION_ERROR_SECURITYADMIN', SYS_LANG, Array($db_username));
return $info;
}
@@ -1675,8 +1665,8 @@ class Installer extends Controller
$db_port = $filter->validateInput($db_port);
$db_username = trim( $_REQUEST['db_username'] );
$db_username = $filter->validateInput($db_username);
$db_password = trim( $_REQUEST['db_password'] );
$db_password = $filter->validateInput($db_password);
$db_password = urlencode(trim($_REQUEST['db_password']));
$db_password = urldecode($filter->validateInput($db_password));
$wf = trim( $_REQUEST['wfDatabase'] );
$wf = $filter->validateInput($wf);