Diffstat (limited to 'config/index.php')
-rw-r--r--config/index.php77
1 files changed, 47 insertions, 30 deletions
diff --git a/config/index.php b/config/index.php
index e76e6c7e..cef32248 100644
--- a/config/index.php
+++ b/config/index.php
@@ -84,7 +84,8 @@ $ourdb['mssql']['rootuser'] = 'administrator';
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
- <title>MediaWiki <?php echo( $wgVersion ); ?> Installation</title>
+ <meta name="robots" content="noindex,nofollow"/>
+ <title>MediaWiki <?php echo htmlspecialchars( $wgVersion ); ?> Installation</title>
<style type="text/css">
@import "../skins/monobook/main.css";
@@ -202,7 +203,7 @@ $ourdb['mssql']['rootuser'] = 'administrator';
<div id="content">
<div id="bodyContent">
-<h1>MediaWiki <?php print $wgVersion ?> Installation</h1>
+<h1>MediaWiki <?php print htmlspecialchars( $wgVersion ) ?> Installation</h1>
<?php
$mainListOpened = false; # Is the main list (environement checking) opend ? Used by dieout
@@ -302,7 +303,7 @@ $conf = new ConfigData;
install_version_checks();
$self = 'Installer'; # Maintenance script name, to please Setup.php
-print "<li>PHP " . phpversion() . " installed</li>\n";
+print "<li>PHP " . htmlspecialchars( phpversion() ) . " installed</li>\n";
error_reporting( 0 );
$phpdatabases = array();
@@ -402,7 +403,7 @@ if( wfIniGetBool( "safe_mode" ) ) {
$conf->safeMode = false;
}
-$sapi = php_sapi_name();
+$sapi = htmlspecialchars( php_sapi_name() );
print "<li>PHP server API is $sapi; ";
$script = defined('MW_INSTALL_PHP5_EXT') ? 'index.php5' : 'index.php';
if( $wgUsePathInfo ) {
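Review bot: The added line stores the HTML-escaped string in `$sapi` itself, whereas the other hunks in this commit escape at the point of output. If `$sapi` is read again below this hunk for anything other than printing (not visible here), that code would see the encoded form rather than the real SAPI name. Keeping the raw value and escaping in the print statement separates the two concerns: `$sapi = php_sapi_name();` followed by `print "<li>PHP server API is " . htmlspecialchars( $sapi ) . "; ";`.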
@@ -585,6 +586,9 @@ print "<li style='font-weight:bold;color:green;font-size:110%'>Environment check
: $_SERVER["SERVER_ADMIN"];
$conf->EmergencyContact = importPost( "EmergencyContact", $defaultEmail );
$conf->DBtype = importPost( "DBtype", $DefaultDBtype );
+ if ( !isset( $ourdb[$conf->DBtype] ) ) {
+ $conf->DBtype = $DefaultDBtype;
+ }
$conf->DBserver = importPost( "DBserver", "localhost" );
$conf->DBname = importPost( "DBname", "wikidb" );
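Review bot: The new `isset( $ourdb[$conf->DBtype] )` check has no comment explaining why it is there, yet it is what bounds a posted value that later becomes a class name (`$dbclass = 'Database'.ucfirst($conf->DBtype);` and `$dbc = new $dbclass;` in the hunks at -757 and -785). A comment such as `# Allowlist: DBtype is used below to build the class name passed to "new", so accept only keys of $ourdb` would keep a later edit from loosening it. The fallback is also silent: an unrecognised DBtype is replaced by `$DefaultDBtype` and the install carries on with a backend the user did not choose. The "Unknown database type" error visible in the -757 hunk's context may no longer be reachable for posted values; its condition is outside the visible lines, so that needs confirming.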
@@ -757,7 +761,7 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
$errs["DBtype"] = "Unknown database type '$conf->DBtype'";
continue;
}
- print "<li>Database type: {$conf->DBtypename}</li>\n";
+ print "<li>Database type: " . htmlspecialchars( $conf->DBtypename ) . "</li>\n";
$dbclass = 'Database'.ucfirst($conf->DBtype);
$wgDBtype = $conf->DBtype;
$wgDBadminuser = "root";
@@ -785,7 +789,7 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
$wgTitle = Title::newFromText( "Installation script" );
error_reporting( E_ALL );
- print "<li>Loading class: $dbclass</li>\n";
+ print "<li>Loading class: " . htmlspecialchars( $dbclass ) . "</li>\n";
$dbc = new $dbclass;
if( $conf->DBtype == 'mysql' ) {
@@ -809,7 +813,7 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
}
# Attempt to connect
- echo( "<li>Attempting to connect to database server as $db_user..." );
+ echo( "<li>Attempting to connect to database server as " . htmlspecialchars( $db_user ) . "..." );
$wgDatabase = Database::newFromParams( $wgDBserver, $db_user, $db_pass, '', 1 );
# Check the connection and respond to errors
@@ -844,7 +848,7 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
case 2003:
default:
# General connection problem
- echo( "failed with error [$errno] $errtx.</li>\n" );
+ echo( htmlspecialchars( "failed with error [$errno] $errtx." ) . "</li>\n" );
$errs["DBserver"] = "Connection failed";
break;
} # switch
@@ -858,10 +862,11 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
## Possible connect as a superuser
if( $useRoot && $conf->DBtype != 'sqlite' ) {
$wgDBsuperuser = $conf->RootUser;
- echo( "<li>Attempting to connect to database \"postgres\" as superuser \"$wgDBsuperuser\"..." );
+ echo( "<li>Attempting to connect to database \"postgres\" as superuser \"" .
+ htmlspecialchars( $wgDBsuperuser ) . "\"..." );
$wgDatabase = $dbc->newFromParams($wgDBserver, $wgDBsuperuser, $conf->RootPW, "postgres", 1);
if (!$wgDatabase->isOpen()) {
- print " error: " . $wgDatabase->lastError() . "</li>\n";
+ print " error: " . htmlspecialchars( $wgDatabase->lastError() ) . "</li>\n";
$errs["DBserver"] = "Could not connect to database as superuser";
$errs["RootUser"] = "Check username";
$errs["RootPW"] = "and password";
@@ -869,10 +874,11 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
}
$wgDatabase->initial_setup($conf->RootPW, 'postgres');
}
- echo( "<li>Attempting to connect to database \"$wgDBname\" as \"$wgDBuser\"..." );
+ echo( "<li>Attempting to connect to database \"" . htmlspecialchars( $wgDBname ) .
+ "\" as \"" . htmlspecialchars( $wgDBuser ) . "\"..." );
$wgDatabase = $dbc->newFromParams($wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname, 1);
if (!$wgDatabase->isOpen()) {
- print " error: " . $wgDatabase->lastError() . "</li>\n";
+ print " error: " . htmlspecialchars( $wgDatabase->lastError() ) . "</li>\n";
} else {
$myver = $wgDatabase->getServerVersion();
}
@@ -884,7 +890,7 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
continue;
}
- print "<li>Connected to $myver";
+ print "<li>Connected to " . htmlspecialchars( $myver );
if ($conf->DBtype == 'mysql') {
if( version_compare( $myver, "4.0.14" ) < 0 ) {
print "</li>\n";
@@ -971,15 +977,19 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
}
}
if ( $existingSchema && $existingSchema != $conf->DBschema ) {
- print "<li><strong>Warning:</strong> you requested the {$conf->DBschema} schema, " .
- "but the existing database has the $existingSchema schema. This upgrade script ".
- "can't convert it, so it will remain $existingSchema.</li>\n";
+ $encExisting = htmlspecialchars( $existingSchema );
+ $encRequested = htmlspecialchars( $conf->DBschema );
+ print "<li><strong>Warning:</strong> you requested the $encRequested schema, " .
+ "but the existing database has the $encExisting schema. This upgrade script ".
+ "can't convert it, so it will remain $encExisting.</li>\n";
$conf->setSchema( $existingSchema, $conf->DBengine );
}
if ( $existingEngine && $existingEngine != $conf->DBengine ) {
- print "<li><strong>Warning:</strong> you requested the {$conf->DBengine} storage " .
- "engine, but the existing database uses the $existingEngine engine. This upgrade " .
- "script can't convert it, so it will remain $existingEngine.</li>\n";
+ $encExisting = htmlspecialchars( $existingEngine );
+ $encRequested = htmlspecialchars( $conf->DBengine );
+ print "<li><strong>Warning:</strong> you requested the $encRequested storage " .
+ "engine, but the existing database uses the $encExisting engine. This upgrade " .
+ "script can't convert it, so it will remain $encExisting.</li>\n";
$conf->setSchema( $conf->DBschema, $existingEngine );
}
}
@@ -1020,7 +1030,8 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
}
$wgDatabase->freeResult( $res );
if ( !$found && $conf->DBengine != 'MyISAM' ) {
- echo "<li><strong>Warning:</strong> {$conf->DBengine} storage engine not available, " .
+ echo "<li><strong>Warning:</strong> " . htmlspecialchars( $conf->DBengine ) .
+ " storage engine not available, " .
"using MyISAM instead</li>\n";
$conf->setSchema( $conf->DBschema, 'MyISAM' );
}
@@ -1059,10 +1070,10 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) {
if( $wgDatabase2->isOpen() ) {
# Nope, just close the test connection and continue
$wgDatabase2->close();
- echo( "<li>User $wgDBuser exists. Skipping grants.</li>\n" );
+ echo( "<li>User " . htmlspecialchars( $wgDBuser ) . " exists. Skipping grants.</li>\n" );
} else {
# Yes, so run the grants
- echo( "<li>Granting user permissions to $wgDBuser on $wgDBname..." );
+ echo( "<li>" . htmlspecialchars( "Granting user permissions to $wgDBuser on $wgDBname..." ) );
dbsource( "../maintenance/users.sql", $wgDatabase );
echo( "success.</li>\n" );
}
@@ -1165,7 +1176,9 @@ if( count( $errs ) ) {
$list = getLanguageList();
foreach( $list as $code => $name ) {
$sel = ($code == $conf->LanguageCode) ? 'selected="selected"' : '';
- echo "\n\t\t<option value=\"$code\" $sel>$name</option>";
+ $encCode = htmlspecialchars( $code );
+ $encName = htmlspecialchars( $name );
+ echo "\n\t\t<option value=\"$encCode\" $sel>$encName</option>";
}
echo "\n";
?>
@@ -1330,7 +1343,11 @@ if( count( $errs ) ) {
<div class="config-section">
<div class="config-input">
<label class='column'>Database type:</label>
-<?php if (isset($errs['DBpicktype'])) print "\t<span class='error'>$errs[DBpicktype]</span>\n"; ?>
+<?php
+ if (isset($errs['DBpicktype'])) {
+ print "\t<span class='error'>" . htmlspecialchars( $errs['DBpicktype'] ) . "</span>\n";
+ }
+?>
<ul class='plain'><?php
database_picker($conf);
?></ul>
@@ -1455,7 +1472,7 @@ if( count( $errs ) ) {
</div>
</form>
<script type="text/javascript">
-window.onload = toggleDBarea('<?php echo $conf->DBtype; ?>',
+window.onload = toggleDBarea('<?php echo Xml::encodeJsVar( $conf->DBtype ); ?>',
<?php
## If they passed in a root user name, don't populate it on page load
echo strlen(importPost('RootUser', '')) ? 0 : 1;
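Review bot: The single quotes around the PHP tag on the `toggleDBarea(` line were kept, but `Xml::encodeJsVar()` is meant to return a complete JavaScript literal, which for a string already includes its own double quotes (its definition is not on this page, so confirm against Xml.php). If so, the page emits `toggleDBarea('"mysql"', …)` and the function receives the quote characters as part of the value, so the comparison against the database type names would presumably fail. Dropping the outer quotes keeps the escaping and restores the argument: `window.onload = toggleDBarea(<?php echo Xml::encodeJsVar( $conf->DBtype ); ?>,`. The remaining arguments of the call continue past the end of the hunk.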
@@ -1781,10 +1798,8 @@ function importRequest( $name, $default = "" ) {
return importVar( $_REQUEST, $name, $default );
}
-$radioCount = 0;
-
function aField( &$conf, $field, $text, $type = "text", $value = "", $onclick = '' ) {
- global $radioCount;
+ static $radioCount = 0;
if( $type != "" ) {
$xtype = "type=\"$type\"";
} else {
@@ -1824,7 +1839,9 @@ function aField( &$conf, $field, $text, $type = "text", $value = "", $onclick =
}
global $errs;
- if(isset($errs[$field])) echo "<span class='error'>" . $errs[$field] . "</span>\n";
+ if(isset($errs[$field])) {
+ echo "<span class='error'>" . htmlspecialchars( $errs[$field] ) . "</span>\n";
+ }
}
function getLanguageList() {
@@ -1917,7 +1934,7 @@ function testMemcachedServer( $server ) {
fclose( $fp );
}
if ( !$errstr ) {
- echo "<li>Connected to memcached on $host:$port successfully";
+ echo "<li>Connected to memcached on " . htmlspecialchars( "$host:$port" ) ." successfully</li>";
}
return $errstr;
}