Commit 267ebfb7 authored by Dries's avatar Dries

- Patch #195416 by Damien Tournoud, David Strauss: table prefixes should be...

- Patch #195416 by Damien Tournoud, David Strauss: table prefixes should be per database connection.
parent 02b74638
......@@ -560,7 +560,7 @@ function drupal_settings_initialize() {
global $base_url, $base_path, $base_root;
// Export the following settings.php variables to the global namespace
global $databases, $db_prefix, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url;
global $databases, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url;
$conf = array();
if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) {
......@@ -2149,14 +2149,6 @@ function _drupal_bootstrap_page_cache() {
* Bootstrap database: Initialize database system and register autoload functions.
*/
function _drupal_bootstrap_database() {
// The user agent header is used to pass a database prefix in the request when
// running tests. However, for security reasons, it is imperative that we
// validate we ourselves made the request.
if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE) && !drupal_valid_test_ua($_SERVER['HTTP_USER_AGENT'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
// Redirect the user to the installation script if Drupal has not been
// installed yet (i.e., if no $databases array has been defined in the
// settings.php file) and we are not already installing.
......@@ -2165,6 +2157,42 @@ function _drupal_bootstrap_database() {
install_goto('install.php');
}
// The user agent header is used to pass a database prefix in the request when
// running tests. However, for security reasons, it is imperative that we
// validate we ourselves made the request.
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
if (!drupal_valid_test_ua($_SERVER['HTTP_USER_AGENT'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
// The first part of the user agent is the prefix itself.
$test_prefix = $matches[1];
// Set the test run id for use in other parts of Drupal.
$test_info = &$GLOBALS['drupal_test_info'];
$test_info['test_run_id'] = $test_prefix;
$test_info['in_child_site'] = TRUE;
foreach ($GLOBALS['databases']['default'] as &$value) {
// Extract the current default database prefix.
if (!isset($value['prefix'])) {
$current_prefix = '';
}
else if (is_array($value['prefix'])) {
$current_prefix = $value['prefix']['default'];
}
else {
$current_prefix = $value['prefix'];
}
// Remove the current database prefix and replace it by our own.
$value['prefix'] = array(
'default' => $current_prefix . $test_prefix,
);
}
}
// Initialize the database system. Note that the connection
// won't be initialized until it is actually requested.
require_once DRUPAL_ROOT . '/includes/database/database.inc';
......@@ -2222,15 +2250,15 @@ function drupal_get_bootstrap_phase() {
* Validate the HMAC and timestamp of a user agent header from simpletest.
*/
function drupal_valid_test_ua($user_agent) {
global $databases;
global $drupal_hash_salt;
list($prefix, $time, $salt, $hmac) = explode(';', $user_agent);
$check_string = $prefix . ';' . $time . ';' . $salt;
// We use the database credentials from settings.php to make the HMAC key, since
// We use the salt from settings.php to make the HMAC key, since
// the database is not yet initialized and we can't access any Drupal variables.
// The file properties add more entropy not easily accessible to others.
$filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
$key = serialize($databases) . filectime($filepath) . fileinode($filepath);
$key = $drupal_hash_salt . filectime($filepath) . fileinode($filepath);
// The HMAC must match.
return $hmac == drupal_hmac_base64($check_string, $key);
}
......@@ -2239,15 +2267,15 @@ function drupal_valid_test_ua($user_agent) {
* Generate a user agent string with a HMAC and timestamp for simpletest.
*/
function drupal_generate_test_ua($prefix) {
global $databases;
global $drupal_hash_salt;
static $key;
if (!isset($key)) {
// We use the database credentials to make the HMAC key, since we
// check the HMAC before the database is initialized. filectime()
// and fileinode() are not easily determined from remote.
// We use the salt from settings.php to make the HMAC key, since
// the database is not yet initialized and we can't access any Drupal variables.
// The file properties add more entropy not easily accessible to others.
$filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
$key = serialize($databases) . filectime($filepath) . fileinode($filepath);
$key = $drupal_hash_salt . filectime($filepath) . fileinode($filepath);
}
// Generate a moderately secure HMAC based on the database credentials.
$salt = uniqid('', TRUE);
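Review bot: In drupal_valid_test_ua() and drupal_generate_test_ua() the HMAC key is now `$drupal_hash_salt` plus the ctime and inode of bootstrap.inc, so when settings.php leaves the salt empty the key is only as strong as those two file properties, while the header it protects now selects the database prefix in _drupal_bootstrap_database(). I would fail closed before the comparison, e.g. `if (empty($drupal_hash_salt)) { return FALSE; }`, and compare with `===` rather than `==`. The docblock says the timestamp is validated, but the visible body never looks at `$time`, so an accepted header appears to stay valid indefinitely; checking it against the request time with a short window would close that. The unchanged comment `// Generate a moderately secure HMAC based on the database credentials.` in drupal_generate_test_ua() is stale after this change, and that function's body continues past the end of the hunk.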
......
......@@ -766,8 +766,6 @@ function drupal_access_denied() {
* A string containing the response body that was received.
*/
function drupal_http_request($url, array $options = array()) {
global $db_prefix;
$result = new stdClass();
// Parse the URL and make sure we can handle the schema.
......@@ -867,8 +865,9 @@ function drupal_http_request($url, array $options = array()) {
// user-agent is used to ensure that multiple testing sessions running at the
// same time won't interfere with each other as they would if the database
// prefix were stored statically in a file or database variable.
if (is_string($db_prefix) && preg_match("/simpletest\d+/", $db_prefix, $matches)) {
$options['headers']['User-Agent'] = drupal_generate_test_ua($matches[0]);
$test_info = &$GLOBALS['drupal_test_info'];
if (!empty($test_info['test_run_id'])) {
$options['headers']['User-Agent'] = drupal_generate_test_ua($test_info['test_run_id']);
}
$request = $options['method'] . ' ' . $path . " HTTP/1.0\r\n";
......@@ -4505,13 +4504,15 @@ function _drupal_bootstrap_full() {
module_load_all();
// Make sure all stream wrappers are registered.
file_get_stream_wrappers();
if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'simpletest') !== FALSE) {
// Valid SimpleTest user-agent, log fatal errors to test specific file
// directory. The user-agent is validated in DRUPAL_BOOTSTRAP_DATABASE
// phase so as long as it is a SimpleTest user-agent it is valid.
$test_info = &$GLOBALS['drupal_test_info'];
if (!empty($test_info['in_child_site'])) {
// Running inside the simpletest child site, log fatal errors to test
// specific file directory.
ini_set('log_errors', 1);
ini_set('error_log', file_directory_path() . '/error.log');
}
// Initialize $_GET['q'] prior to invoking hook_init().
drupal_path_initialize();
// Set a custom theme for the current page, if there is one. We need to run
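Review bot: In the drupal_http_request() hunk the signed test User-Agent is attached to every outgoing request while `$test_info['test_run_id']` is set, whatever host `$url` names, so a test that fetches an external URL discloses a header that drupal_valid_test_ua() would accept. Nothing visible here limits it to the site under test; unless such a check exists outside the hunk, compare the parsed host of `$url` with the host of `$base_url` before setting the header, and add `// Only send the signed test User-Agent to the site under test.` above the `if`. The function body starts and ends outside the hunk.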
......
......@@ -259,7 +259,26 @@ abstract class DatabaseConnection extends PDO {
*/
protected $schema = NULL;
/**
* The default prefix used by this database connection.
*
* Separated from the other prefixes for performance reasons.
*
* @var string
*/
protected $defaultPrefix = '';
/**
* The non-default prefixes used by this database connection.
*
* @var array
*/
protected $prefixes = array();
function __construct($dsn, $username, $password, $driver_options = array()) {
// Initialize and prepare the connection prefix.
$this->setPrefix(isset($this->connectionOptions['prefix']) ? $this->connectionOptions['prefix'] : '');
// Because the other methods don't seem to work right.
$driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
......@@ -342,6 +361,25 @@ public function getConnectionOptions() {
return $this->connectionOptions;
}
/**
* Preprocess the prefixes used by this database connection.
*
* @param $prefix
* The prefixes, in any of the multiple forms documented in
* default.settings.php.
*/
protected function setPrefix($prefix) {
if (is_array($prefix)) {
$this->defaultPrefix = isset($prefix['default']) ? $prefix['default'] : '';
unset($prefix['default']);
$this->prefixes = $prefix;
}
else {
$this->defaultPrefix = $prefix;
$this->prefixes = array();
}
}
/**
* Appends a database prefix to all tables in a query.
*
......@@ -357,27 +395,12 @@ public function getConnectionOptions() {
* The properly-prefixed string.
*/
public function prefixTables($sql) {
global $db_prefix;
if (is_array($db_prefix)) {
if (array_key_exists('default', $db_prefix)) {
$tmp = $db_prefix;
unset($tmp['default']);
foreach ($tmp as $key => $val) {
$sql = strtr($sql, array('{' . $key . '}' => $val . $key));
}
return strtr($sql, array('{' => $db_prefix['default'] , '}' => ''));
}
else {
foreach ($db_prefix as $key => $val) {
$sql = strtr($sql, array('{' . $key . '}' => $val . $key));
}
return strtr($sql, array('{' => '' , '}' => ''));
}
}
else {
return strtr($sql, array('{' => $db_prefix , '}' => ''));
// Replace specific table prefixes first.
foreach ($this->prefixes as $key => $val) {
$sql = strtr($sql, array('{' . $key . '}' => $val . $key));
}
// Then replace remaining tables with the default prefix.
return strtr($sql, array('{' => $this->defaultPrefix , '}' => ''));
}
/**
......@@ -387,17 +410,12 @@ public function prefixTables($sql) {
* is not used in prefixTables due to performance reasons.
*/
public function tablePrefix($table = 'default') {
global $db_prefix;
if (is_array($db_prefix)) {
if (isset($db_prefix[$table])) {
return $db_prefix[$table];
}
elseif (isset($db_prefix['default'])) {
return $db_prefix['default'];
}
return '';
if (isset($this->prefixes[$table])) {
return $this->prefixes[$table];
}
else {
return $this->defaultPrefix;
}
return $db_prefix;
}
/**
......@@ -1314,6 +1332,20 @@ abstract class Database {
if (empty($value['driver'])) {
$database_info[$index][$target] = $database_info[$index][$target][mt_rand(0, count($database_info[$index][$target]) - 1)];
}
// Parse the prefix information.
if (!isset($database_info[$index][$target]['prefix'])) {
// Default to an empty prefix.
$database_info[$index][$target]['prefix'] = array(
'default' => '',
);
}
else if (!is_array($database_info[$index][$target]['prefix'])) {
// Transform the flat form into an array form.
$database_info[$index][$target]['prefix'] = array(
'default' => $database_info[$index][$target]['prefix'],
);
}
}
}
......@@ -1373,7 +1405,58 @@ public static function addConnectionInfo($key, $target, $info) {
if (!empty(self::$databaseInfo[$key])) {
return self::$databaseInfo[$key];
}
}
/**
* Rename a connection and its corresponding connection information.
*
* @param $old_key
* The old connection key.
* @param $new_key
* The new connection key.
* @return
* TRUE in case of success, FALSE otherwise.
*/
final public static function renameConnection($old_key, $new_key) {
if (empty(self::$databaseInfo)) {
self::parseConnectionInfo();
}
if (!empty(self::$databaseInfo[$old_key]) && empty(self::$databaseInfo[$new_key])) {
// Migrate the database connection information.
self::$databaseInfo[$new_key] = self::$databaseInfo[$old_key];
unset(self::$databaseInfo[$old_key]);
// Migrate over the DatabaseConnection object if it exists.
if (isset(self::$connections[$old_key])) {
self::$connections[$new_key] = self::$connections[$old_key];
unset(self::$connections[$old_key]);
}
return TRUE;
}
else {
return FALSE;
}
}
/**
* Remove a connection and its corresponding connection information.
*
* @param $key
* The connection key.
* @return
* TRUE in case of success, FALSE otherwise.
*/
final public static function removeConnection($key) {
if (isset(self::$databaseInfo[$key])) {
unset(self::$databaseInfo[$key]);
unset(self::$connections[$key]);
return TRUE;
}
else {
return FALSE;
}
}
/**
......@@ -1386,8 +1469,6 @@ public static function addConnectionInfo($key, $target, $info) {
* The database target to open.
*/
final protected static function openConnection($key, $target) {
global $db_prefix;
if (empty(self::$databaseInfo)) {
self::parseConnectionInfo();
}
......@@ -1415,13 +1496,6 @@ public static function addConnectionInfo($key, $target, $info) {
$new_connection->setLogger(self::$logs[$key]);
}
// We need to pass around the simpletest database prefix in the request
// and we put that in the user_agent header. The header HMAC was already
// validated in bootstrap.inc.
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
$db_prefix_string = is_array($db_prefix) ? $db_prefix['default'] : $db_prefix;
$db_prefix = $db_prefix_string . $matches[1];
}
return $new_connection;
}
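Review bot: setPrefix() stores whatever it is given and prefixTables() then splices those values into the SQL string with strtr(), with no validation or quoting anywhere in this section. That holds up only while every prefix comes from settings.php or from the regex-matched `simpletest\d+` value, so the setPrefix() docblock should state it: `Prefixes are inserted into queries verbatim, so they must come from trusted configuration and never from request data.` The constructor also reads `$this->connectionOptions['prefix']` as its first statement, which presumably relies on each driver assigning connectionOptions before it calls the parent constructor; that is not visible in this diff and is worth a comment.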
......
......@@ -25,7 +25,7 @@ class DatabaseSchema_mysql extends DatabaseSchema {
const COMMENT_MAX_COLUMN = 255;
/**
* Get information about the table and database name from the db_prefix.
* Get information about the table and database name from the prefix.
*
* @return
* A keyed array with information about the database, table name and prefix.
......
......@@ -170,11 +170,11 @@ public function nextPlaceholder() {
}
/**
* Get information about the table name and schema from the db_prefix.
* Get information about the table name and schema from the prefix.
*
* @param
* Name of table to look prefix up for. Defaults to 'default' because thats
* default key for db_prefix.
* default key for prefix.
* @return
* A keyed array with information about the schema, table name and prefix.
*/
......
......@@ -182,7 +182,8 @@ function _drupal_log_error($error, $fatal = FALSE) {
// When running inside the testing framework, we relay the errors
// to the tested site by the way of HTTP headers.
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+;/", $_SERVER['HTTP_USER_AGENT']) && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) {
$test_info = &$GLOBALS['drupal_test_info'];
if (!empty($test_info['in_child_site']) && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) {
// $number does not use drupal_static as it should not be reset
// as it uniquely identifies each PHP error.
static $number = 0;
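Review bot: The new condition in _drupal_log_error() depends on `$test_info['in_child_site']`, which this commit sets only after drupal_valid_test_ua() has accepted the header in _drupal_bootstrap_database(), so errors raised before that phase are no longer relayed and the code does not say that this is intended. I would add `// 'in_child_site' is set only after the test User-Agent's HMAC has been validated in _drupal_bootstrap_database().` above the `if`. Binding `$test_info` by reference also creates `$GLOBALS['drupal_test_info']` as NULL when it does not exist; `!empty($GLOBALS['drupal_test_info']['in_child_site'])` reads the flag without that side effect. The function body continues outside the hunk.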
......
......@@ -800,7 +800,7 @@ function install_verify_completed_task() {
* Verifies the existing settings in settings.php.
*/
function install_verify_settings() {
global $db_prefix, $databases;
global $databases;
// Verify existing settings (if any).
if (!empty($databases) && install_verify_pdo()) {
......@@ -834,7 +834,7 @@ function install_verify_pdo() {
* The form API definition for the database configuration form.
*/
function install_settings_form($form, &$form_state, &$install_state) {
global $databases, $db_prefix;
global $databases;
$profile = $install_state['parameters']['profile'];
$install_locale = $install_state['parameters']['locale'];
......@@ -945,6 +945,10 @@ function install_settings_form($form, &$form_state, &$install_state) {
* Form API validate for install_settings form.
*/
function install_settings_form_validate($form, &$form_state) {
// TODO: remove when PIFR will be updated to use 'db_prefix' instead of
// 'prefix' in the database settings form.
$form_state['values']['prefix'] = $form_state['values']['db_prefix'];
form_set_value($form['_database'], $form_state['values'], $form_state);
$errors = install_database_errors($form_state['values'], $form_state['values']['settings_file']);
foreach ($errors as $name => $message) {
......@@ -959,8 +963,8 @@ function install_database_errors($database, $settings_file) {
global $databases;
$errors = array();
// Verify the table prefix.
if (!empty($database['db_prefix']) && is_string($database['db_prefix']) && !preg_match('/^[A-Za-z0-9_.]+$/', $database['db_prefix'])) {
$errors['db_prefix'] = st('The database table prefix you have entered, %db_prefix, is invalid. The table prefix can only contain alphanumeric characters, periods, or underscores.', array('%db_prefix' => $database['db_prefix']));
if (!empty($database['prefix']) && is_string($database['prefix']) && !preg_match('/^[A-Za-z0-9_.]+$/', $database['prefix'])) {
$errors['prefix'] = st('The database table prefix you have entered, %prefix, is invalid. The table prefix can only contain alphanumeric characters, periods, or underscores.', array('%prefix' => $database['prefix']));
}
if (!empty($database['port']) && !is_numeric($database['port'])) {
......@@ -1000,16 +1004,12 @@ function install_database_errors($database, $settings_file) {
function install_settings_form_submit($form, &$form_state) {
global $install_state;
$database = array_intersect_key($form_state['values']['_database'], array_flip(array('driver', 'database', 'username', 'password', 'host', 'port')));
$database = array_intersect_key($form_state['values']['_database'], array_flip(array('driver', 'database', 'username', 'password', 'host', 'port', 'prefix')));
// Update global settings array and save.
$settings['databases'] = array(
'value' => array('default' => array('default' => $database)),
'required' => TRUE,
);
$settings['db_prefix'] = array(
'value' => $form_state['values']['db_prefix'],
'required' => TRUE,
);
$settings['drupal_hash_salt'] = array(
'value' => drupal_hash_base64(drupal_random_bytes(55)),
'required' => TRUE,
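Review bot: The prefix check in install_database_errors() only runs when `$database['prefix']` is a string, so any non-string value skips validation entirely, and install_settings_form_submit() now copies 'prefix' into the `$databases` value that is saved with the settings and later spliced into SQL by prefixTables(). The check should cover every value in both the flat and the per-table array form and reject anything that is not a string, along the lines below. Both functions continue outside their hunks, so any validation done elsewhere is not visible here.

```php
  // Verify the table prefix, in both the flat and the per-table array form.
  $prefixes = isset($database['prefix']) ? (array) $database['prefix'] : array();
  foreach ($prefixes as $prefix) {
    if (!is_string($prefix) || ($prefix !== '' && !preg_match('/^[A-Za-z0-9_.]+$/', $prefix))) {
      $errors['prefix'] = st('The database table prefix you have entered, %prefix, is invalid. The table prefix can only contain alphanumeric characters, periods, or underscores.', array('%prefix' => is_string($prefix) ? $prefix : ''));
      break;
    }
  }
  // … unchanged: port check and the rest of install_database_errors() …
```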
......
This diff is collapsed.
......@@ -272,10 +272,11 @@ class SimpleTestFunctionalTest extends DrupalWebTestCase {
/**
* Check if the test is being run from inside a CURL request.
*
* @return The test is being run from inside a CURL request.
*/
function inCURL() {
// We cannot rely on drupal_static('drupal_test_info') here, because
// 'in_child_site' would be FALSE for the parent site when we are
// executing the tests. Default to direct detection of the HTTP headers.
return isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+/", $_SERVER['HTTP_USER_AGENT']);
}
}
......
......@@ -61,6 +61,7 @@
* 'password' => 'password',
* 'host' => 'localhost',
* 'port' => 3306,
* 'prefix' => 'myprefix_',
* );
*
* The "driver" property indicates what Drupal database driver the
......@@ -106,44 +107,45 @@
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'prefix' => 'main_',
* );
*
* You can optionally set prefixes for some or all database table names
* by using the $db_prefix setting. If a prefix is specified, the table
* by using the 'prefix' setting. If a prefix is specified, the table
* name will be prepended with its value. Be sure to use valid database
* characters only, usually alphanumeric and underscore. If no prefixes
* are desired, leave it as an empty string ''.
*
* To have all database names prefixed, set $db_prefix as a string:
* To have all database names prefixed, set 'prefix' as a string:
*
* $db_prefix = 'main_';
* 'prefix' => 'main_',
*
* To provide prefixes for specific tables, set $db_prefix as an array.
* To provide prefixes for specific tables, set 'prefix' as an array.
* The array's keys are the table names and the values are the prefixes.
* The 'default' element holds the prefix for any tables not specified
* elsewhere in the array. Example:
* The 'default' element is mandatory and holds the prefix for any tables
* not specified elsewhere in the array. Example:
*
* $db_prefix = array(
* 'prefix' => array(
* 'default' => 'main_',
* 'users' => 'shared_',
* 'users' => 'shared_',
* 'sessions' => 'shared_',
* 'role' => 'shared_',
* 'authmap' => 'shared_',
* );
* ),
*
* You can also use db_prefix as a reference to a schema/database. This maybe
* You can also use a reference to a schema/database as a prefix. This maybe
* useful if your Drupal installation exists in a schema that is not the default
* or you want to access several databases from the same code base at the same
* time.
* Example:
*
* $db_prefix = array(
* 'default' => 'main.',
* 'users' => 'shared.',
* 'prefix' => array(
* 'default' => 'main.',
* 'users' => 'shared.',
* 'sessions' => 'shared.',
* 'role' => 'shared.',
* 'authmap' => 'shared.',
* );
* );
*
* NOTE: MySQL and SQLite's definition of a schema is a database.
*
......@@ -154,6 +156,7 @@
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'prefix' => '',
* );
* $databases['default']['default'] = array(
* 'driver' => 'pgsql',
......@@ -161,6 +164,7 @@
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'prefix' => '',
* );
* $databases['default']['default'] = array(
* 'driver' => 'sqlite',
......@@ -168,7 +172,6 @@
* );
*/
$databases = array();
$db_prefix = '';
/**
* Access control for update.php script.
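Review bot: Removing `$db_prefix = '';` here, together with dropping `$db_prefix` from the exported globals in drupal_settings_initialize(), means an existing settings.php that still sets `$db_prefix` is silently ignored and the connection falls back to an empty prefix. On a database shared between several sites that would point the site at a different set of tables instead of failing, and no upgrade handling is visible in the sections shown on this page. The comment block should tell upgraders what to do, for example `Sites upgrading from an earlier settings.php must move the value of $db_prefix into the 'prefix' key of each connection.` The second array example also appears to close with `);` where the first uses `),`, which is not valid inside the connection array.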
......