Commit 0ced18e2 authored by Adrian Rossouw's avatar Adrian Rossouw Committed by adrian

Use apaches mod_env to set the database credentials in the virtualhost file,...

Use apaches mod_env to set the database credentials in the virtualhost file, so that they are only accessible inside a specific process. the $_SERVER values are now bootstrapped in the verify site process and the config file rewritten, so that you can now safely verify a site. the $_SERVER values are stored inside the site drushrc.php so that normal drush commands will continue to operate as they would. The open_basedir directive is commented out until we can resolve issues with it.
parent 1f000980
$databases['default']['default'] = array(
'driver' => '<?php print $db_type; ?>',
'database' => '<?php print $db_name; ?>',
'username' => '<?php print $db_user; ?>',
'password' => '<?php print $db_passwd; ?>',
'host' => '<?php print $db_host ?>',
'driver' => urldecode($_SERVER['db_type']),
'database' => urldecode($_SERVER['db_name']),
'username' => urldecode($_SERVER['db_user']),
'password' => urldecode($_SERVER['db_passwd']),
'host' => urldecode($_SERVER['db_host']),
);
$db_url = '<?php print strtr("%db_type://%db_user:%db_passwd@%db_host/%db_name", array('%db_type' => urlencode($db_type), '%db_user' => urlencode($db_user), '%db_passwd' => urlencode($db_passwd), '%db_host' => urlencode($db_host), '%db_name' => urlencode($db_name))); ?>';
$db_url = "<?php print strtr("%db_type://%db_user:%db_passwd@%db_host/%db_name", array(
'%db_type' => '$_SERVER[db_type]',
'%db_user' => '$_SERVER[db_user]',
'%db_passwd' => '$_SERVER[db_passwd]',
'%db_host' => '$_SERVER[db_host]',
'%db_name' => '$_SERVER[db_name]')); ?>";
$profile = "<?php print $profile ?>";
/**
......
......@@ -7,8 +7,15 @@
*/
function drush_provision_drupal_provision_verify_validate($url = null) {
if ($url) {
drush_errors_on();
drush_bootstrap(DRUSH_BOOTSTRAP_DRUPAL_FULL);
drush_bootstrap(DRUSH_BOOTSTRAP_DRUPAL_SITE);
$fields = array('db_type', 'db_host', 'db_user', 'db_passwd', 'db_name');
foreach ($fields as $key) {
$_SERVER[$key] = drush_get_option($key, null, 'site');
}
_provision_drupal_create_settings_file($url);
drush_errors_on();
drush_bootstrap(DRUSH_BOOTSTRAP_DRUPAL_FULL);
}
// This will not have an effect if you are running it on a platform, just tests that if a site is provided it is an existing one
......
......@@ -80,9 +80,24 @@ function provision_load_site_data($url) {
* Save modified options to the site.php file
*/
function provision_save_site_data() {
drush_save_config('site');
// @TODO : remove site.php file after successful
// drushrc save.
$context = 'site';
drush_save_config($site);
if (!drush_get_error()) {
// append the db settings in the _SERVER variable so normal drush commands can still read it.
$filename = _drush_config_file($context);
$cache = drush_get_context($context);
$fp = fopen($filename, "a+");
$fields = array('db_type', 'db_host', 'db_user', 'db_passwd', 'db_name');
foreach ($fields as $key) {
$line = "\n\$_SERVER['$key'] = ". var_export($cache[$key], TRUE) .';';
fwrite($fp, $line);
}
fwrite($fp, "\n");
fclose($fp);
}
}
/**
......
......@@ -6,3 +6,4 @@
Allow from all
<?php print $extra_config; ?>
</Directory>
......@@ -9,4 +9,8 @@ endforeach;
endif;
?>
<IfModule !env_module>
LoadModule env_module modules/mod_env.so
</IfModule>
<?php print $extra_config; ?>
......@@ -6,6 +6,16 @@
ServerName <?php print $site_url; ?>
SetEnv db_type <?php print urlencode($db_type); ?>
SetEnv db_name <?php print urlencode($db_name); ?>
SetEnv db_user <?php print urlencode($db_user); ?>
SetEnv db_passwd <?php print urlencode($db_passwd); ?>
SetEnv db_host <?php print urlencode($db_host); ?>
<?php if (!$redirection && is_array($aliases)) :
foreach ($aliases as $alias_url) :
if (trim($alias_url)) : ?>
......@@ -23,6 +33,7 @@
SetHandler This_is_a_Drupal_security_line_do_not_remove
</Directory>
php_admin_value open_basedir /tmp:<?php print rtrim($publish_path, '/') ?>/:<?php print rtrim($config_path, '/') ?>/includes/:/usr/share/php/
# @todo make this configurable and more intelligent
# php_admin_value open_basedir /tmp:<?php print rtrim($publish_path, '/') ?>/:<?php print rtrim($config_path, '/') ?>/includes/:/usr/share/php/
</VirtualHost>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment