etape_3.php ➔ preparer_prefixe_tables() - Code Metrics - Inspection of "Fix #3626 : installation, ne pas permettre un pref..." - spip/SPIP - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( c4c157...8a4902 )

by cam

created 2018-01-08 21:00 UTC

etape_3.php ➔ preparer_prefixe_tables() A

↳ Parent: Project

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	2
nc	1
nop	1
dl	0
loc	3
rs	10
c	0
b	0
f	0

<?php

/***************************************************************************\
 *  SPIP, Systeme de publication pour l'internet                           *
 *                                                                         *
 *  Copyright (c) 2001-2017                                                *
 *  Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James  *
 *                                                                         *
 *  Ce programme est un logiciel libre distribue sous licence GNU/GPL.     *
 *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
\***************************************************************************/

if (!defined('_ECRIRE_INC_VERSION')) {
	return;
}

include_spip('inc/headers');
include_spip('base/abstract_sql');

// http://code.spip.net/@install_bases
function install_bases($adresse_db, $login_db, $pass_db, $server_db, $choix_db, $sel_db, $chmod_db) {

	// Prefix des tables :
	// S'il n'est pas defini par mes_options/inc/mutualiser, on va le creer
	// a partir de ce qui est envoye a l'installation
	if (!defined('_INSTALL_TABLE_PREFIX')) {
		$table_prefix = ($GLOBALS['table_prefix'] != 'spip')
			? $GLOBALS['table_prefix']
			: preparer_prefixe_tables(_request('tprefix'));
		// S'il est vide on remet spip
		if (!$table_prefix) {
			$table_prefix = 'spip';
		}
	} else {
		$table_prefix = _INSTALL_TABLE_PREFIX;
	}

	if (preg_match(',(.*):(.*),', $adresse_db, $r)) {
		list(, $adresse_db, $port) = $r;
	} else {
		$port = '';
	}

	$GLOBALS['connexions'][$server_db]
		= spip_connect_db($adresse_db, $port, $login_db, $pass_db, '', $server_db);

	$GLOBALS['connexions'][$server_db][$GLOBALS['spip_sql_version']]
		= $GLOBALS['spip_' . $server_db . '_functions_' . $GLOBALS['spip_sql_version']];

	$fquery = sql_serveur('query', $server_db);
	if ($choix_db == 'new_spip') {
		$re = ',^[a-z_][a-z_0-9-]*$,i';
		if (preg_match($re, $sel_db)) {
			$ok = sql_create_base($sel_db, $server_db);
			if (!$ok) {
				$re = "Impossible de creer la base $re";
				spip_log($re);
				return '<p>' . _T('avis_connexion_erreur_creer_base') . "</p><!--\n$re\n-->";
			}
		} else {
			$re = "Le nom de la base doit correspondre a $re";
			spip_log($re);

			return '<p>' . _T('avis_connexion_erreur_nom_base') . "</p><!--\n$re\n-->";
		}
	}

	// on rejoue la connexion apres avoir teste si il faut lui indiquer
	// un sql_mode
	install_mode_appel($server_db, false);
	$GLOBALS['connexions'][$server_db]
		= spip_connect_db($adresse_db, $port, $login_db, $pass_db, $sel_db, $server_db);

	$GLOBALS['connexions'][$server_db][$GLOBALS['spip_sql_version']]
		= $GLOBALS['spip_' . $server_db . '_functions_' . $GLOBALS['spip_sql_version']];

	// Completer le tableau decrivant la connexion

	$GLOBALS['connexions'][$server_db]['prefixe'] = $table_prefix;
	$GLOBALS['connexions'][$server_db]['db'] = $sel_db;

	$old = sql_showbase($table_prefix . '_meta', $server_db);
	if ($old) {
		$old = sql_fetch($old, $server_db);
	}
	if (!$old) {

		// Si possible, demander au serveur d'envoyer les textes
		// dans le codage std de SPIP,
		$charset = sql_get_charset(_DEFAULT_CHARSET, $server_db);

		if ($charset) {
			sql_set_charset($charset['charset'], $server_db);
			$GLOBALS['meta']['charset_sql_base'] =
				$charset['charset'];
			$GLOBALS['meta']['charset_collation_sql_base'] =
				$charset['collation'];
			$GLOBALS['meta']['charset_sql_connexion'] =
				$charset['charset'];
			$charsetbase = $charset['charset'];
		} else {
			spip_log(_DEFAULT_CHARSET . ' inconnu du serveur SQL');
			$charsetbase = 'standard';
		}
		spip_log("Creation des tables. Codage $charsetbase");
		creer_base($server_db); // AT LAST
		// memoriser avec quel charset on l'a creee

		if ($charset) {
			$t = array(
				'nom' => 'charset_sql_base',
				'valeur' => $charset['charset'],
				'impt' => 'non'
			);
			@sql_insertq('spip_meta', $t, '', $server_db);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
			$t['nom'] = 'charset_collation_sql_base';
			$t['valeur'] = $charset['collation'];
			@sql_insertq('spip_meta', $t, '', $server_db);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
			$t['nom'] = 'charset_sql_connexion';
			$t['valeur'] = $charset['charset'];
			@sql_insertq('spip_meta', $t, '', $server_db);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
		}
		$t = array(
			'nom' => 'version_installee',
			'valeur' => $GLOBALS['spip_version_base'],
			'impt' => 'non'
		);
		@sql_insertq('spip_meta', $t, '', $server_db);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
		$t['nom'] = 'nouvelle_install';
		$t['valeur'] = 1;
		@sql_insertq('spip_meta', $t, '', $server_db);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
		// positionner la langue par defaut du site si un cookie de lang a ete mis
		if (isset($_COOKIE['spip_lang_ecrire'])) {
			@sql_insertq(
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
				'spip_meta',
				array('nom' => 'langue_site', 'valeur' => $_COOKIE['spip_lang_ecrire']),
				'',
				$server_db
			);
		}
	} else {
		// pour recreer les tables disparues au besoin
		spip_log('Table des Meta deja la. Verification des autres.');
		creer_base($server_db);
		$fupdateq = sql_serveur('updateq', $server_db);

		$r = $fquery("SELECT valeur FROM spip_meta WHERE nom='version_installee'", $server_db);

		if ($r) {
			$r = sql_fetch($r, $server_db);
		}
		$version_installee = !$r ? 0 : (double)$r['valeur'];
		if (!$version_installee or ($GLOBALS['spip_version_base'] < $version_installee)) {
			$fupdateq(
				'spip_meta',
				array('valeur' => $GLOBALS['spip_version_base'], 'impt' => 'non'),
				"nom='version_installee'",
				'',
				$server_db
			);
			spip_log('nouvelle version installee: ' . $GLOBALS['spip_version_base']);
		}
		// eliminer la derniere operation d'admin mal terminee
		// notamment la mise a jour
		@$fquery("DELETE FROM spip_meta WHERE nom='import_all' OR  nom='admin'", $server_db);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
	}

	// recuperer le charset de la connexion dans les meta
	$charset = '';
	$r = $fquery("SELECT valeur FROM spip_meta WHERE nom='charset_sql_connexion'", $server_db);
	if ($r) {
		$r = sql_fetch($r, $server_db);
	}
	if ($r) {
		$charset = $r['valeur'];
	}

	$ligne_rappel = install_mode_appel($server_db);

	$result_ok = @$fquery('SELECT COUNT(*) FROM spip_meta', $server_db);
	if (!$result_ok) {
		return "<!--\nvielle = $old rappel= $ligne_rappel\n-->";
	}

	if ($chmod_db) {
		install_fichier_connexion(
			_FILE_CHMOD_TMP,
			"if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', " . sprintf('0%3o', $chmod_db) . ");\n"
		);
	}

	// si ce fichier existe a cette etape c'est qu'il provient
	// d'une installation qui ne l'a pas cree correctement.
	// Le supprimer pour que _FILE_CONNECT_TMP prime.

	if (_FILE_CONNECT and file_exists(_FILE_CONNECT)) {
		spip_unlink(_FILE_CONNECT);

	}

	install_fichier_connexion(
		_FILE_CONNECT_TMP,
		$ligne_rappel
		. install_connexion(
			$adresse_db,
			$port,
			$login_db,
			$pass_db,
			$sel_db,
			$server_db,
			$table_prefix,
			'',
			$charset
		)
	);

	return '';
}

/**
 * Préparer le préfixe des tables
 *
 * Contrairement a ce qui est dit dans le message (trop strict mais c'est
 * pour notre bien), on tolère les chiffres en plus des minuscules.
 * On corrige aussi le préfixe afin qu'il ne commence pas par un chiffre
 * cf https://core.spip.net/issues/3626
 *
 * @param string $prefixe Le préfixe demandé
 * @return string Le préfixe corrigé
 */
function preparer_prefixe_tables($prefixe) {
	return trim(preg_replace(',^[0-9]+,', '', preg_replace(',[^a-z0-9],', '', strtolower($prefixe))));
}

// http://code.spip.net/@install_propose_ldap
function install_propose_ldap() {
	return generer_form_ecrire('install', (
	fieldset(
		_T('info_authentification_externe'),
		array(
			'etape' => array(
				'label' => _T('texte_annuaire_ldap_1'),
				'valeur' => 'ldap1',
				'hidden' => true
			)
		),
		bouton_suivant(_T('bouton_acces_ldap'))
	)));
}


// http://code.spip.net/@install_premier_auteur
function install_premier_auteur($email, $login, $nom, $pass, $hidden, $auteur_obligatoire) {
	return info_progression_etape(3, 'etape_', 'install/') .
	info_etape(
		_T('info_informations_personnelles'),
		'<b>' . _T('texte_informations_personnelles_1') . '</b>' .
		aider('install5', true) .
		'<p>' .
		($auteur_obligatoire ?
			''
			:
			_T('texte_informations_personnelles_2') . ' ' . _T('info_laisser_champs_vides')
		)
	)
	. generer_form_ecrire('install', (
		"\n<input type='hidden' name='etape' value='3b' />"
		. $hidden
		. fieldset(
			_T('info_identification_publique'),
			array(
				'nom' => array(
					'label' => '<b>' . _T('entree_signature') . "</b><br />\n" . _T('entree_nom_pseudo_1') . "\n",
					'valeur' => $nom,
					'required' => $auteur_obligatoire,
				),
				'email' => array(
					'label' => '<b>' . _T('entree_adresse_email') . "</b>\n",
					'valeur' => $email,
				)
			)
		)

		. fieldset(
			_T('entree_identifiants_connexion'),
			array(
				'login' => array(
					'label' => '<b>' . _T('entree_login') . "</b><br />\n" . _T(
						'info_login_trop_court_car_pluriel',
						array('nb' => _LOGIN_TROP_COURT)
					) . "\n",
					'valeur' => $login,
					'required' => $auteur_obligatoire,
				),
				'pass' => array(
					'label' => '<b>' . _T('entree_mot_passe') . "</b><br />\n" . _T(
						'info_passe_trop_court_car_pluriel',
						array('nb' => _PASS_LONGUEUR_MINI)
					) . "\n",
					'valeur' => $pass,
					'required' => $auteur_obligatoire,
				),
				'pass_verif' => array(
					'label' => '<b>' . _T('info_confirmer_passe') . "</b><br />\n",
					'valeur' => $pass,
					'required' => $auteur_obligatoire,
				)
			)
		)
		. bouton_suivant()));
}

// http://code.spip.net/@install_etape_3_dist
function install_etape_3_dist() {
	$ldap_present = _request('ldap_present');

	if (!$ldap_present) {
		$adresse_db = defined('_INSTALL_HOST_DB')
			? _INSTALL_HOST_DB
			: _request('adresse_db');

		$login_db = defined('_INSTALL_USER_DB')
			? _INSTALL_USER_DB
			: _request('login_db');

		$pass_db = defined('_INSTALL_PASS_DB')
			? _INSTALL_PASS_DB
			: _request('pass_db');

		$server_db = defined('_INSTALL_SERVER_DB')
			? _INSTALL_SERVER_DB
			: _request('server_db');

		$chmod_db = defined('_SPIP_CHMOD')
			? _SPIP_CHMOD
			: _request('chmod');

		$choix_db = defined('_INSTALL_NAME_DB')
			? _INSTALL_NAME_DB
			: _request('choix_db');

		$sel_db = ($choix_db == 'new_spip')
			? _request('table_new') : $choix_db;

		$res = install_bases($adresse_db, $login_db, $pass_db, $server_db, $choix_db, $sel_db, $chmod_db);

		if ($res) {
			$res = info_progression_etape(2, 'etape_', 'install/', true)
				. "<div class='error'><h3>" . _T('avis_operation_echec') . '</h3>'
				. $res
				. '<p>' . _T('texte_operation_echec') . '</p>'
				. '</div>';
		}
	} else {
		$res = '';
		list($adresse_db, $login_db, $pass_db, $sel_db, $server_db) = analyse_fichier_connection(_FILE_CONNECT_TMP);
		$GLOBALS['connexions'][$server_db] = spip_connect_db($adresse_db, $sel_db, $login_db, $pass_db, $sel_db, $server_db);
	}

	if (!$res) {
		if (file_exists(_FILE_CONNECT_TMP)) {
			include(_FILE_CONNECT_TMP);
		} else {
			redirige_url_ecrire('install');
		}

		if (file_exists(_FILE_CHMOD_TMP)) {
			include(_FILE_CHMOD_TMP);
		} else {
			redirige_url_ecrire('install');
		}

		$hidden = predef_ou_cache($adresse_db, $login_db, $pass_db, $server_db)
			. (defined('_INSTALL_NAME_DB') ? ''
				: "\n<input type='hidden' name='sel_db' value='$sel_db' />");

		$auteur_obligatoire = ($ldap_present ? 0 : !sql_countsel('spip_auteurs', '', '', '', $server_db));

		$res = "<div class='success'><b>"
			. _T('info_base_installee')
			. '</b></div>'
			. install_premier_auteur(
				_request('email'),
				_request('login'),
				_request('nom'),
				_request('pass'),
				$hidden,
				$auteur_obligatoire
			)
			. (($ldap_present or !function_exists('ldap_connect'))
				? '' : install_propose_ldap());
	}

	echo install_debut_html();
	echo $res;
	echo install_fin_html();
}


1			<?php
2
3			/***************************************************************************\
4			* SPIP, Systeme de publication pour l'internet *
5			* *
6			* Copyright (c) 2001-2017 *
7			* Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James *
8			* *
9			* Ce programme est un logiciel libre distribue sous licence GNU/GPL. *
10			* Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne. *
11			\***************************************************************************/
12
13			if (!defined('_ECRIRE_INC_VERSION')) {
14			return;
15			}
16
17			include_spip('inc/headers');
18			include_spip('base/abstract_sql');
19
20			// http://code.spip.net/@install_bases
21			function install_bases($adresse_db, $login_db, $pass_db, $server_db, $choix_db, $sel_db, $chmod_db) {
22
23			// Prefix des tables :
24			// S'il n'est pas defini par mes_options/inc/mutualiser, on va le creer
25			// a partir de ce qui est envoye a l'installation
26			if (!defined('_INSTALL_TABLE_PREFIX')) {
27			$table_prefix = ($GLOBALS['table_prefix'] != 'spip')
28			? $GLOBALS['table_prefix']
29			: preparer_prefixe_tables(_request('tprefix'));
30			// S'il est vide on remet spip
31			if (!$table_prefix) {
32			$table_prefix = 'spip';
33			}
34			} else {
35			$table_prefix = _INSTALL_TABLE_PREFIX;
36			}
37
38			if (preg_match(',(.):(.),', $adresse_db, $r)) {
39			list(, $adresse_db, $port) = $r;
40			} else {
41			$port = '';
42			}
43
44			$GLOBALS['connexions'][$server_db]
45			= spip_connect_db($adresse_db, $port, $login_db, $pass_db, '', $server_db);
46
47			$GLOBALS['connexions'][$server_db][$GLOBALS['spip_sql_version']]
48			= $GLOBALS['spip_' . $server_db . '_functions_' . $GLOBALS['spip_sql_version']];
49
50			$fquery = sql_serveur('query', $server_db);
51			if ($choix_db == 'new_spip') {
52			$re = ',^[a-z_][a-z_0-9-]*$,i';
53			if (preg_match($re, $sel_db)) {
54			$ok = sql_create_base($sel_db, $server_db);
55			if (!$ok) {
56			$re = "Impossible de creer la base $re";
57			spip_log($re);
58			return '<p>' . _T('avis_connexion_erreur_creer_base') . "</p><!--\n$re\n-->";
59			}
60			} else {
61			$re = "Le nom de la base doit correspondre a $re";
62			spip_log($re);
63
64			return '<p>' . _T('avis_connexion_erreur_nom_base') . "</p><!--\n$re\n-->";
65			}
66			}
67
68			// on rejoue la connexion apres avoir teste si il faut lui indiquer
69			// un sql_mode
70			install_mode_appel($server_db, false);
71			$GLOBALS['connexions'][$server_db]
72			= spip_connect_db($adresse_db, $port, $login_db, $pass_db, $sel_db, $server_db);
73
74			$GLOBALS['connexions'][$server_db][$GLOBALS['spip_sql_version']]
75			= $GLOBALS['spip_' . $server_db . '_functions_' . $GLOBALS['spip_sql_version']];
76
77			// Completer le tableau decrivant la connexion
78
79			$GLOBALS['connexions'][$server_db]['prefixe'] = $table_prefix;
80			$GLOBALS['connexions'][$server_db]['db'] = $sel_db;
81
82			$old = sql_showbase($table_prefix . '_meta', $server_db);
83			if ($old) {
84			$old = sql_fetch($old, $server_db);
85			}
86			if (!$old) {
			0 ignored issues – show Bug Best Practice introduced 2016-04-05 12:13 UTC by Report Bug Copy Issue Report The expression `$old` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
87			// Si possible, demander au serveur d'envoyer les textes
88			// dans le codage std de SPIP,
89			$charset = sql_get_charset(_DEFAULT_CHARSET, $server_db);
90
91			if ($charset) {
92			sql_set_charset($charset['charset'], $server_db);
93			$GLOBALS['meta']['charset_sql_base'] =
94			$charset['charset'];
95			$GLOBALS['meta']['charset_collation_sql_base'] =
96			$charset['collation'];
97			$GLOBALS['meta']['charset_sql_connexion'] =
98			$charset['charset'];
99			$charsetbase = $charset['charset'];
100			} else {
101			spip_log(_DEFAULT_CHARSET . ' inconnu du serveur SQL');
102			$charsetbase = 'standard';
103			}
104			spip_log("Creation des tables. Codage $charsetbase");
105			creer_base($server_db); // AT LAST
106			// memoriser avec quel charset on l'a creee
107
108			if ($charset) {
109			$t = array(
110			'nom' => 'charset_sql_base',
111			'valeur' => $charset['charset'],
112			'impt' => 'non'
113			);
114			@sql_insertq('spip_meta', $t, '', $server_db);
			0 ignored issues – show Security Best Practice introduced 2016-04-05 12:13 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
115			$t['nom'] = 'charset_collation_sql_base';
116			$t['valeur'] = $charset['collation'];
117			@sql_insertq('spip_meta', $t, '', $server_db);
			0 ignored issues – show Security Best Practice introduced 2016-04-05 13:09 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
118			$t['nom'] = 'charset_sql_connexion';
119			$t['valeur'] = $charset['charset'];
120			@sql_insertq('spip_meta', $t, '', $server_db);
			0 ignored issues – show Security Best Practice introduced 2016-04-05 13:09 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
121			}
122			$t = array(
123			'nom' => 'version_installee',
124			'valeur' => $GLOBALS['spip_version_base'],
125			'impt' => 'non'
126			);
127			@sql_insertq('spip_meta', $t, '', $server_db);
			0 ignored issues – show Security Best Practice introduced 2016-04-05 12:13 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
128			$t['nom'] = 'nouvelle_install';
129			$t['valeur'] = 1;
130			@sql_insertq('spip_meta', $t, '', $server_db);
			0 ignored issues – show Security Best Practice introduced 2016-04-05 12:13 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
131			// positionner la langue par defaut du site si un cookie de lang a ete mis
132			if (isset($_COOKIE['spip_lang_ecrire'])) {
133			@sql_insertq(
			0 ignored issues – show Security Best Practice introduced 2017-06-08 16:12 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
134			'spip_meta',
135			array('nom' => 'langue_site', 'valeur' => $_COOKIE['spip_lang_ecrire']),
136			'',
137			$server_db
138			);
139			}
140			} else {
141			// pour recreer les tables disparues au besoin
142			spip_log('Table des Meta deja la. Verification des autres.');
143			creer_base($server_db);
144			$fupdateq = sql_serveur('updateq', $server_db);
145
146			$r = $fquery("SELECT valeur FROM spip_meta WHERE nom='version_installee'", $server_db);
147
148			if ($r) {
149			$r = sql_fetch($r, $server_db);
150			}
151			$version_installee = !$r ? 0 : (double)$r['valeur'];
152			if (!$version_installee or ($GLOBALS['spip_version_base'] < $version_installee)) {
153			$fupdateq(
154			'spip_meta',
155			array('valeur' => $GLOBALS['spip_version_base'], 'impt' => 'non'),
156			"nom='version_installee'",
157			'',
158			$server_db
159			);
160			spip_log('nouvelle version installee: ' . $GLOBALS['spip_version_base']);
161			}
162			// eliminer la derniere operation d'admin mal terminee
163			// notamment la mise a jour
164			@$fquery("DELETE FROM spip_meta WHERE nom='import_all' OR nom='admin'", $server_db);
			0 ignored issues – show Security Best Practice introduced 2016-04-05 12:02 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
165			}
166
167			// recuperer le charset de la connexion dans les meta
168			$charset = '';
169			$r = $fquery("SELECT valeur FROM spip_meta WHERE nom='charset_sql_connexion'", $server_db);
170			if ($r) {
171			$r = sql_fetch($r, $server_db);
172			}
173			if ($r) {
174			$charset = $r['valeur'];
175			}
176
177			$ligne_rappel = install_mode_appel($server_db);
178
179			$result_ok = @$fquery('SELECT COUNT(*) FROM spip_meta', $server_db);
180			if (!$result_ok) {
181			return "<!--\nvielle = $old rappel= $ligne_rappel\n-->";
182			}
183
184			if ($chmod_db) {
185			install_fichier_connexion(
186			_FILE_CHMOD_TMP,
187			"if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', " . sprintf('0%3o', $chmod_db) . ");\n"
188			);
189			}
190
191			// si ce fichier existe a cette etape c'est qu'il provient
192			// d'une installation qui ne l'a pas cree correctement.
193			// Le supprimer pour que _FILE_CONNECT_TMP prime.
194
195			if (_FILE_CONNECT and file_exists(_FILE_CONNECT)) {
196			spip_unlink(_FILE_CONNECT);
			0 ignored issues – show Security Bug introduced 2016-04-05 12:13 UTC by Report Bug Copy Issue Report It seems like `_FILE_CONNECT` can also be of type `false`; however, `spip_unlink()` does only seem to accept `string`, did you maybe forget to handle an error condition? Loading history...
197			}
198
199			install_fichier_connexion(
200			_FILE_CONNECT_TMP,
201			$ligne_rappel
202			. install_connexion(
203			$adresse_db,
204			$port,
205			$login_db,
206			$pass_db,
207			$sel_db,
208			$server_db,
209			$table_prefix,
210			'',
211			$charset
212			)
213			);
214
215			return '';
216			}
217
218			/**
219			* Préparer le préfixe des tables
220			*
221			* Contrairement a ce qui est dit dans le message (trop strict mais c'est
222			* pour notre bien), on tolère les chiffres en plus des minuscules.
223			* On corrige aussi le préfixe afin qu'il ne commence pas par un chiffre
224			* cf https://core.spip.net/issues/3626
225			*
226			* @param string $prefixe Le préfixe demandé
227			* @return string Le préfixe corrigé
228			*/
229			function preparer_prefixe_tables($prefixe) {
230			return trim(preg_replace(',^[0-9]+,', '', preg_replace(',[^a-z0-9],', '', strtolower($prefixe))));
231			}
232
233			// http://code.spip.net/@install_propose_ldap
234			function install_propose_ldap() {
235			return generer_form_ecrire('install', (
236			fieldset(
237			_T('info_authentification_externe'),
238			array(
239			'etape' => array(
240			'label' => _T('texte_annuaire_ldap_1'),
241			'valeur' => 'ldap1',
242			'hidden' => true
243			)
244			),
245			bouton_suivant(_T('bouton_acces_ldap'))
246			)));
247			}
248
249
250			// http://code.spip.net/@install_premier_auteur
251			function install_premier_auteur($email, $login, $nom, $pass, $hidden, $auteur_obligatoire) {
252			return info_progression_etape(3, 'etape_', 'install/') .
253			info_etape(
254			_T('info_informations_personnelles'),
255			'<b>' . _T('texte_informations_personnelles_1') . '</b>' .
256			aider('install5', true) .
257			'<p>' .
258			($auteur_obligatoire ?
259			''
260			:
261			_T('texte_informations_personnelles_2') . ' ' . _T('info_laisser_champs_vides')
262			)
263			)
264			. generer_form_ecrire('install', (
265			"\n<input type='hidden' name='etape' value='3b' />"
266			. $hidden
267			. fieldset(
268			_T('info_identification_publique'),
269			array(
270			'nom' => array(
271			'label' => '<b>' . _T('entree_signature') . "</b><br />\n" . _T('entree_nom_pseudo_1') . "\n",
272			'valeur' => $nom,
273			'required' => $auteur_obligatoire,
274			),
275			'email' => array(
276			'label' => '<b>' . _T('entree_adresse_email') . "</b>\n",
277			'valeur' => $email,
278			)
279			)
280			)
281
282			. fieldset(
283			_T('entree_identifiants_connexion'),
284			array(
285			'login' => array(
286			'label' => '<b>' . _T('entree_login') . "</b><br />\n" . _T(
287			'info_login_trop_court_car_pluriel',
288			array('nb' => _LOGIN_TROP_COURT)
289			) . "\n",
290			'valeur' => $login,
291			'required' => $auteur_obligatoire,
292			),
293			'pass' => array(
294			'label' => '<b>' . _T('entree_mot_passe') . "</b><br />\n" . _T(
295			'info_passe_trop_court_car_pluriel',
296			array('nb' => _PASS_LONGUEUR_MINI)
297			) . "\n",
298			'valeur' => $pass,
299			'required' => $auteur_obligatoire,
300			),
301			'pass_verif' => array(
302			'label' => '<b>' . _T('info_confirmer_passe') . "</b><br />\n",
303			'valeur' => $pass,
304			'required' => $auteur_obligatoire,
305			)
306			)
307			)
308			. bouton_suivant()));
309			}
310
311			// http://code.spip.net/@install_etape_3_dist
312			function install_etape_3_dist() {
313			$ldap_present = _request('ldap_present');
314
315			if (!$ldap_present) {
316			$adresse_db = defined('_INSTALL_HOST_DB')
317			? _INSTALL_HOST_DB
318			: _request('adresse_db');
319
320			$login_db = defined('_INSTALL_USER_DB')
321			? _INSTALL_USER_DB
322			: _request('login_db');
323
324			$pass_db = defined('_INSTALL_PASS_DB')
325			? _INSTALL_PASS_DB
326			: _request('pass_db');
327
328			$server_db = defined('_INSTALL_SERVER_DB')
329			? _INSTALL_SERVER_DB
330			: _request('server_db');
331
332			$chmod_db = defined('_SPIP_CHMOD')
333			? _SPIP_CHMOD
334			: _request('chmod');
335
336			$choix_db = defined('_INSTALL_NAME_DB')
337			? _INSTALL_NAME_DB
338			: _request('choix_db');
339
340			$sel_db = ($choix_db == 'new_spip')
341			? _request('table_new') : $choix_db;
342
343			$res = install_bases($adresse_db, $login_db, $pass_db, $server_db, $choix_db, $sel_db, $chmod_db);
344
345			if ($res) {
346			$res = info_progression_etape(2, 'etape_', 'install/', true)
347			. "<div class='error'><h3>" . _T('avis_operation_echec') . '</h3>'
348			. $res
349			. '<p>' . _T('texte_operation_echec') . '</p>'
350			. '</div>';
351			}
352			} else {
353			$res = '';
354			list($adresse_db, $login_db, $pass_db, $sel_db, $server_db) = analyse_fichier_connection(_FILE_CONNECT_TMP);
355			$GLOBALS['connexions'][$server_db] = spip_connect_db($adresse_db, $sel_db, $login_db, $pass_db, $sel_db, $server_db);
356			}
357
358			if (!$res) {
359			if (file_exists(_FILE_CONNECT_TMP)) {
360			include(_FILE_CONNECT_TMP);
361			} else {
362			redirige_url_ecrire('install');
363			}
364
365			if (file_exists(_FILE_CHMOD_TMP)) {
366			include(_FILE_CHMOD_TMP);
367			} else {
368			redirige_url_ecrire('install');
369			}
370
371			$hidden = predef_ou_cache($adresse_db, $login_db, $pass_db, $server_db)
372			. (defined('_INSTALL_NAME_DB') ? ''
373			: "\n<input type='hidden' name='sel_db' value='$sel_db' />");
374
375			$auteur_obligatoire = ($ldap_present ? 0 : !sql_countsel('spip_auteurs', '', '', '', $server_db));
376
377			$res = "<div class='success'><b>"
378			. _T('info_base_installee')
379			. '</b></div>'
380			. install_premier_auteur(
381			_request('email'),
382			_request('login'),
383			_request('nom'),
384			_request('pass'),
385			$hidden,
386			$auteur_obligatoire
387			)
388			. (($ldap_present or !function_exists('ldap_connect'))
389			? '' : install_propose_ldap());
390			}
391
392			echo install_debut_html();
393			echo $res;
394			echo install_fin_html();
395			}
396

spip / SPIP

Push — master ( c4c157...8a4902 )

etape_3.php ➔ preparer_prefixe_tables() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like