Author: Nikita Popov (nikic) Date: 2021-04-11T20:34:58+02:00 Commit: https://github.com/php/web-master/commit/ae99d10d550a56b1e9cad977b57fdb02618a5061 Raw diff: https://github.com/php/web-master/commit/ae99d10d550a56b1e9cad977b57fdb02618a5061.diff
Avoid repeating DB credentials For the code using PDO rather than ext/mysql, add a common method for creating a connection. Changed paths: A src/DB.php M composer.json M composer.lock M public/entry/user-notes-vote.php M public/fetch/allusers.php M public/fetch/user-notes.php M public/fetch/user-profile.php M public/fetch/user.php M public/github-webhook.php M vendor/composer/InstalledVersions.php M vendor/composer/installed.php Diff: diff --git a/composer.json b/composer.json index e3f666f..c43cc3d 100644 --- a/composer.json +++ b/composer.json @@ -8,6 +8,9 @@ "homepage": "https://github.com/php/web-master", "require": { "php": ">=8.0", + "ext-pdo": "*", + "ext-json": "*", + "ext-zlib": "*", "michelf/php-markdown": "^1.9", "phpmailer/phpmailer": "^6.4" }, diff --git a/composer.lock b/composer.lock index 4b87d40..15b97af 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "b4a4a4e6345d8c4cc0be432eb5bbc1bd", + "content-hash": "02178efeb7cd6e85f79a3ebf8975258e", "packages": [ { "name": "michelf/php-markdown", @@ -143,7 +143,10 @@ "prefer-stable": false, "prefer-lowest": false, "platform": { - "php": ">=8.0" + "php": ">=8.0", + "ext-pdo": "*", + "ext-json": "*", + "ext-zlib": "*" }, "platform-dev": [], "plugin-api-version": "2.0.0" diff --git a/public/entry/user-notes-vote.php b/public/entry/user-notes-vote.php index d6641a6..10b99f1 100644 --- a/public/entry/user-notes-vote.php +++ b/public/entry/user-notes-vote.php @@ -20,6 +20,10 @@ { "status": false, "message": "Invalid request..." } */ +use App\DB; + +require __DIR__ . '/../../vendor/autoload.php'; + // Validate that the request to vote on a user note is OK (ip limits, post variables, and db info must pass validation) function vote_validate_request(PDO $dbh) { // Initialize local variables 
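Review bot: The `"ext-pdo": "*"` requirement added to composer.json guarantees only the PDO core, while the connection this commit centralises uses a `mysql:` DSN, so a host without the MySQL driver still satisfies the declared platform requirements and fails only at connect time. I would add `"ext-pdo_mysql": "*"` next to it. The `platform` block in composer.lock would then need regenerating so the two files agree.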
@@ -151,7 +155,7 @@ function vote_validate_request(PDO $dbh) { // Initialize global PDO database handle try { - $dbh = new PDO('mysql:host=localhost;dbname=phpmasterdb', 'nobody', ''); + $dbh = DB::connect(); } catch(PDOException $e) { $jsonResponse->message = "The server could not complete this request. Please try again later..."; echo json_encode($jsonResponse); diff --git a/public/fetch/allusers.php b/public/fetch/allusers.php index 6f2b945..ba4090f 100644 --- a/public/fetch/allusers.php +++ b/public/fetch/allusers.php @@ -1,4 +1,9 @@ -<?php // vim: et ts=4 sw=4 +<?php + +use App\DB; + +require __DIR__ . '/../../vendor/autoload.php'; + function error($text, $status) { switch((int)$status) { @@ -21,7 +26,7 @@ function error($text, $status) (!isset($_GET['token']) || md5($_GET['token']) != "d3fbcabfcf3648095037175fdeef322f") && error("token not correct.", 401); -$pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", ""); +$pdo = DB::connect(); $stmt = $pdo->prepare("SELECT name, username FROM users WHERE enable AND cvsaccess"); if (!$stmt->execute()) { diff --git a/public/fetch/user-notes.php b/public/fetch/user-notes.php index cb87b1e..06c4eac 100644 --- a/public/fetch/user-notes.php +++ b/public/fetch/user-notes.php @@ -1,14 +1,16 @@ <?php +use App\DB; + +require __DIR__ . '/../../vendor/autoload.php'; + # token required, since this should only get accessed from rsync.php.net if (!isset($_REQUEST['token']) || md5($_REQUEST['token']) != "19a3ec370affe2d899755f005e5cd90e") die("token not correct."); // Changed old mysql_* stuff to PDO try { - $dbh = new PDO('mysql:host=localhost;dbname=phpmasterdb', 'nobody', ''); - $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0); + $dbh = DB::connect(); } catch (PDOException $e) { // Old error handling was to simply exit. Do we want to log anything here??? exit; 
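Review bot: The token gate kept as context directly above the new `$pdo = DB::connect();` in public/fetch/allusers.php compares an unsalted MD5 of the request token to a hard-coded digest with `!=`, which is neither a strict nor a constant-time comparison. While this block is being touched, `!is_string($_GET['token'] ?? null) || !hash_equals($expectedDigest, md5($_GET['token']))` would be a drop-in hardening, where `$expectedDigest` stands for the stored value. public/fetch/user-notes.php has the same pattern on `$_REQUEST['token']`. Longer term the digest belongs in configuration rather than in the repository.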
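Review bot: Replacing the three removed lines in public/fetch/user-notes.php with `$dbh = DB::connect();` silently drops `PDO::ATTR_EMULATE_PREPARES = 0`, because the new helper in src/DB.php sets only the error mode. With emulation back on, placeholders are substituted by PDO on the client side instead of being bound by the MySQL server, which is the weaker of the two modes for a script that takes request input. Adding `$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);` to `DB::connect()` keeps this script's previous behaviour and gives the other callers native prepares as well. The `catch` that follows only exits, so a failure stays invisible; an `error_log($e->getMessage());` there would answer the question its comment asks.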
diff --git a/public/fetch/user-profile.php b/public/fetch/user-profile.php index 15f1a38..a5ef9f2 100644 --- a/public/fetch/user-profile.php +++ b/public/fetch/user-profile.php @@ -1,4 +1,9 @@ -<?php // vim: et ts=4 sw=4 +<?php + +use App\DB; + +require __DIR__ . '/../../vendor/autoload.php'; + function error($text, $status) { switch((int)$status) { @@ -31,7 +36,7 @@ function render($result) $USERNAME = filter_input(INPUT_GET, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); -$pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", ""); +$pdo = DB::connect(); $stmt = $pdo->prepare(" SELECT u.username, COALESCE(up.markdown, '') AS markdown, COALESCE(up.html, '') AS html diff --git a/public/fetch/user.php b/public/fetch/user.php index 68ffbe9..2478954 100644 --- a/public/fetch/user.php +++ b/public/fetch/user.php @@ -1,4 +1,9 @@ -<?php // vim: et ts=4 sw=4 +<?php + +use App\DB; + +require __DIR__ . '/../../vendor/autoload.php'; + function error($text, $status) { switch((int)$status) { @@ -23,7 +28,7 @@ function error($text, $status) $USERNAME = filter_input(INPUT_GET, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); -$pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", ""); +$pdo = DB::connect(); $stmt = $pdo->prepare("SELECT userid, name, email, username, spamprotect, use_sa, greylist, enable FROM users WHERE username = ? AND cvsaccess LIMIT 1"); if (!$stmt->execute([$USERNAME])) { diff --git a/public/github-webhook.php b/public/github-webhook.php index 8f8f48e..af721e9 100644 --- a/public/github-webhook.php +++ b/public/github-webhook.php @@ -1,5 +1,7 @@ <?php +use App\DB; + const DRY_RUN = false; require __DIR__ . '/../vendor/autoload.php'; 
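Review bot: The `if (!$stmt->execute([$USERNAME]))` check that follows `$pdo = DB::connect();` in public/fetch/user.php can no longer observe a `false` return, because `DB::connect()` sets `PDO::ERRMODE_EXCEPTION` (which is also PDO's default on the PHP 8.0 that composer.json requires) and `execute()` throws instead. The connect call is outside any `try`, so a database failure surfaces as an uncaught `PDOException` rather than through this file's `error()` helper, and how much of it reaches the client depends on the server's error display settings. Wrapping connect and query in `try { … } catch (PDOException $e) { error("database error", $status); }`, with a status that `error()` handles, keeps the response controlled. public/fetch/allusers.php has the same shape; the branch bodies lie outside both hunks, so what they do on failure is inferred.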
@@ -285,8 +287,7 @@ function handle_push_mail($payload) { handle_ref_change_mail($mailingList, $payload); } - $dbh = new PDO('mysql:host=localhost;dbname=phpmasterdb', 'nobody', ''); - $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + $dbh = DB::connect(); $pusherName = $payload->pusher->name; foreach ($payload->commits as $commit) { diff --git a/src/DB.php b/src/DB.php new file mode 100644 index 0000000..db1f84f --- /dev/null +++ b/src/DB.php @@ -0,0 +1,13 @@ +<?php + +namespace App; + +use PDO; + +final class DB extends PDO { + public static function connect() { + $dbh = new self('mysql:host=localhost;dbname=phpmasterdb', 'nobody', ''); + $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + return $dbh; + } +} \ No newline at end of file diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php index 7937cdc..9cce95b 100644 --- a/vendor/composer/InstalledVersions.php +++ b/vendor/composer/InstalledVersions.php @@ -30,7 +30,7 @@ class InstalledVersions 'aliases' => array ( ), - 'reference' => '9117dcd75112492365254c93ea40f0137916a851', + 'reference' => '6d94ee66d392e36e925e984dc43058e71e86c8a4', 'name' => 'php/web-master', ), 'versions' => @@ -51,7 +51,7 @@ class InstalledVersions 'aliases' => array ( ), - 'reference' => '9117dcd75112492365254c93ea40f0137916a851', + 'reference' => '6d94ee66d392e36e925e984dc43058e71e86c8a4', ), 'phpmailer/phpmailer' => array ( diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index f61dbad..a13c251 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -6,7 +6,7 @@ 'aliases' => array ( ), - 'reference' => '9117dcd75112492365254c93ea40f0137916a851', + 'reference' => '6d94ee66d392e36e925e984dc43058e71e86c8a4', 'name' => 'php/web-master', ), 'versions' => 
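Review bot: `final class DB extends PDO` with a zero-argument `public static function connect()` in src/DB.php ties the helper to PDO's own method table; PHP 8.4 adds a static `PDO::connect()` that takes the DSN and credentials, and an override with fewer parameters is a fatal signature mismatch there. None of the call sites in this commit need `DB` to be a PDO subclass, so a plain factory avoids the problem: `final class DB {`, `public static function connect(): PDO {` and `$dbh = new PDO(...)`. That also gives the method the return type it currently lacks. The DSN, user name and empty password remain hard-coded in the repository; reading them from the environment or an untracked config file would let the account get a real password without a code change.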
@@ -27,7 +27,7 @@ 'aliases' => array ( ), - 'reference' => '9117dcd75112492365254c93ea40f0137916a851', + 'reference' => '6d94ee66d392e36e925e984dc43058e71e86c8a4', ), 'phpmailer/phpmailer' => array ( -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php