Brion Vibber wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
nad@svn.wikimedia.org wrote:
Add SQLite database class
Cool! :D
Couple notes after a quick pass over it...
if ("$wgSQLiteDataDir" == '') $wgSQLiteDataDir = dirname($_SERVER['DOCUMENT_ROOT']).'/data';if (!is_dir($wgSQLiteDataDir)) mkdir($wgSQLiteDataDir,0700);This default sounds a bit insecure, as the raw database files would be exposed to the web unless PHP's running as a different user from the static web server.
That means deleted data, user email-addresses, password hashes, etc would be exposed to download.
- /**
* Use MySQL's naming (accounts for prefix etc) but remove surrounding backticks*/- function tableName($name) {
$t = parent::tableName($name);if (!empty($t)) $t = substr($t,1,-1);I believe this will produce bad output for anything using an explicit DB, eg `dbname`.`prefix_table`.
Dunno whether that'd actually work here anyway, though. :)
I'd say something like what the other 2 database classes use for tableName should be what is used.
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgiQRsACgkQwRnhpk1wk45EZQCg0OKYyarZJ7lTXgqn28W9/YHU 4ZQAniCaE+x+dNhh6E8kV+sIj2LsKv9u =Wd1O -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
~Daniel Friesen(Dantman) of: -The Gaiapedia (http://gaia.wikia.com) -Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG) -and Wiki-Tools.com (http://wiki-tools.com)