From 15bca69d8bb27a5a3dd704d76fa9368ddd94ba76 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Fri, 18 Feb 2005 12:22:28 +0000
Subject: [PATCH] Remove Special:Asksql; moving it out to an extension.
---
 config/index.php | 10 --
 includes/DefaultSettings.php | 10 --
 includes/SpecialAsksql.php | 203 -------------------------------
 includes/SpecialPage.php | 1 -
 includes/SpecialSpecialpages.php | 2 +-
 index.php | 1 -
 6 files changed, 1 insertion(+), 226 deletions(-)
 delete mode 100644 includes/SpecialAsksql.php
diff --git a/config/index.php b/config/index.php
index 69e1d2ef6b..e612bf397f 100644
--- a/config/index.php
+++ b/config/index.php
@@ -1065,16 +1065,6 @@ if ( \$wgCommandLineMode ) {
 \$wgDBpassword = \"{$slconf['DBpassword']}\";
 \$wgDBprefix = \"{$slconf['DBprefix']}\";
-## To allow SQL queries through the wiki's Special:Askaql page,
-## uncomment the next lines. THIS IS VERY INSECURE. If you want
-## to allow semipublic read-only SQL access for your sysops,
-## you should define a MySQL user with limited privileges.
-## See MySQL docs: http://www.mysql.com/doc/en/GRANT.html
-#
-# \$wgAllowSysopQueries = true;
-# \$wgDBsqluser = \"sqluser\";
-# \$wgDBsqlpassword = \"sqlpass\";
-
 # If you're on MySQL 3.x, this next line must be FALSE:
 \$wgDBmysql4 = \$wgEnablePersistentLC = {$conf->DBmysql4};
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 36387f0f28..e7d619e304 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -259,16 +259,6 @@ $wgDBservers = false;
 /** How long to wait for a slave to catch up to the master */
 $wgMasterWaitTimeout = 10;
-# Sysop SQL queries
-# The sql user shouldn't have too many rights other the database, restrict
-# it to SELECT only on 'page', 'revision' and 'text' tables for example
-#
-/** Dangerous if not configured properly. */
-$wgAllowSysopQueries = false;
-$wgDBsqluser = 'sqluser';
-$wgDBsqlpassword = 'sqlpass';
-$wgDBpassword = 'userpass';
-$wgSqlLogFile = "{$wgUploadDirectory}/sqllog_mFhyRe6";
 /** File to log MySQL errors to */
 $wgDBerrorLog = false;
diff --git a/includes/SpecialAsksql.php b/includes/SpecialAsksql.php
deleted file mode 100644
index 02f6d014cd..0000000000
--- a/includes/SpecialAsksql.php
+++ /dev/null
@@ -1,203 +0,0 @@ -errorpage( 'nosuchspecialpage', 'nospecialpagetext' ); - return; - } - if( !$wgUser->isAllowed('asksql') ) { - $wgOut->sysopRequired(); - return; - } - - if( $wgRequest->wasPosted() ) { - $query = $wgRequest->getVal( 'wpSqlQuery' ); - $action = $wgRequest->getVal( 'action' ); - } else { - $query = ''; - $action = ''; - } - $f = new SqlQueryForm( $query); - - if ( "submit" == $action ) { - $f->doSubmit(); - } else { - $f->showForm( '' ); - } -} - -/** - * @access private - * @package MediaWiki - * @subpackage SpecialPage - */ -class SqlQueryForm { - var $query = ''; - - function SqlQueryForm( $query ) { - $this->query = $query; - } - - function showForm( $err ) { - global $wgOut, $wgUser, $wgLang; - global $wgLogQueries; - - $wgOut->setPagetitle( wfMsg( 'asksql' ) ); - $note = wfMsg( 'asksqltext' ); - if($wgLogQueries) - $note .= ' ' . wfMsg( 'sqlislogged' ); - $wgOut->addWikiText( $note ); - - if ( '' != $err ) { - $wgOut->addHTML( '

' . htmlspecialchars($err) . "\n" ); - } - if ( ! $this->query ) { $this->query = 'SELECT ... FROM ... WHERE ...'; } - $q = wfMsg( 'sqlquery' ); - $qb = wfMsg( 'querybtn' ); - $titleObj = Title::makeTitle( NS_SPECIAL, 'Asksql' ); - $action = $titleObj->escapeLocalURL( 'action=submit' ); - - $wgOut->addHTML( "

-

- - - - -
{$q}: - -
  - -
-
\n" ); - - } - - function doSubmit() { - global $wgOut, $wgUser, $wgServer, $wgScript, $wgArticlePath, $wgLang, $wgContLang; - global $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname, $wgSqlTimeout; - - # Use a limit, folks! - $this->query = trim( $this->query ); - if( preg_match( '/^SELECT/i', $this->query ) - and !preg_match( '/LIMIT/i', $this->query ) ) { - $this->query .= ' LIMIT 100'; - } - $conn = Database::newFromParams( $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname ); - - $this->logQuery( $this->query ); - - # Start timer, will kill the DB thread in $wgSqlTimeout seconds - $conn->startTimer( $wgSqlTimeout ); - $res = $conn->query( $this->query, 'SpecialAsksql::doSubmit' ); - $conn->stopTimer(); - $this->logFinishedQuery(); - - $n = 0; - @$n = $conn->numFields( $res ); - $titleList = false; - - if ( $n ) { - $k = array(); - for ( $x = 0; $x < $n; ++$x ) { - array_push( $k, $conn->fieldName( $res, $x ) ); - } - - if ( $n == 2 && in_array( 'page_title', $k ) && in_array( 'page_namespace', $k ) ) { - $titleList = true; - } - - $a = array(); - while ( $s = $conn->fetchObject( $res ) ) { - array_push( $a, $s ); - } - $conn->freeResult( $res ); - - if ( $titleList ) { - $r = ""; - foreach ( $a as $y ) { - $sTitle = htmlspecialchars( $y->page_title ); - if ( $y->page_namespace ) { - $sNamespace = $wgContLang->getNsText( $y->page_namespace ); - $link = "$sNamespace:$sTitle"; - } else { - $link = "$sTitle"; - } - $skin = $wgUser->getSkin(); - $link = $skin->makeLink( $link ); - $r .= "* [[$link]]
\n"; - } - } else { - - $r = "\n"; - foreach ( $k as $x ) $r .= ""; - $r .= "\n"; - - foreach ( $a as $y ) { - $r .= ''; - foreach ( $k as $x ) { - $o = $y->$x ; - if ( $x == 'page_title' or $x == 'rc_title') { - $namespace = 0; - if( $x == 'page_title' && isset( $y->page_namespace ) ) $namespace = $y->page_namespace; - if( $x == 'rc_title' && isset( $y->rc_namespace ) ) $namespace = $y->rc_namespace; - $title =& Title::makeTitle( $namespace, $o ); - $o = "escapeLocalUrl() . "\" class='internal'>" . - htmlspecialchars( $y->$x ) . '' ; - } else { - $o = htmlspecialchars( $o ); - } - $r .= '\n"; - } - $r .= "\n"; - } - $r .= "
" . htmlspecialchars( $x ) . "
' . $o . "
\n"; - } - } - $this->showForm( wfMsg( "querysuccessful" ) ); - $wgOut->addHTML( "
{$r}\n" ); - } - - function logQuery( $q ) { - global $wgSqlLogFile, $wgLogQueries, $wgUser; - if(!$wgLogQueries) return; - - $f = fopen( $wgSqlLogFile, 'a' ); - fputs( $f, "\n\n" . wfTimestampNow() . - " query by " . $wgUser->getName() . - ":\n$q\n" ); - fclose( $f ); - $this->starttime = wfTime(); - } - - function logFinishedQuery() { - global $wgSqlLogFile, $wgLogQueries; - if(!$wgLogQueries) return; - - $interval = wfTime() - $this->starttime; - - $f = fopen( $wgSqlLogFile, 'a' ); - fputs( $f, 'finished at ' . wfTimestampNow() . "; took $interval secs\n" ); - fclose( $f ); - } - -} - -?>
diff --git a/includes/SpecialPage.php b/includes/SpecialPage.php
index 17f24a3751..25a6471e09 100644
--- a/includes/SpecialPage.php
+++ b/includes/SpecialPage.php
@@ -85,7 +85,6 @@ $wgSpecialPages = array_merge($wgSpecialPages, array (
 'Allmessages' => new SpecialPage( 'Allmessages' ),
 'Log' => new SpecialPage( 'Log' ),
 'Blockip' => new SpecialPage( 'Blockip', 'block' ),
- 'Asksql' => new SpecialPage( 'Asksql', 'asksql' ),
 'Undelete' => new SpecialPage( 'Undelete', 'delete' ),
 // Makesysop is obsolete, replaced by Special:Userlevels [av] # 'Makesysop' => new SpecialPage( 'Makesysop', 'userrights' ),
diff --git a/includes/SpecialSpecialpages.php b/includes/SpecialSpecialpages.php
index bc59328500..677ed31b3a 100644
--- a/includes/SpecialSpecialpages.php
+++ b/includes/SpecialSpecialpages.php
@@ -58,7 +58,7 @@ from language files [av] */ * @param $sk skin object ??? */
 function wfSpecialSpecialpages_gen($pages,$heading,$sk) {
- global $wgLang, $wgOut, $wgAllowSysopQueries;
+ global $wgLang, $wgOut;
 $wgOut->addHTML( '

' . wfMsg( $heading ) . "

\n