-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
nad@svn.wikimedia.org wrote:
Add SQLite database class
Cool! :D
Couple notes after a quick pass over it...
if ("$wgSQLiteDataDir" == '') $wgSQLiteDataDir = dirname($_SERVER['DOCUMENT_ROOT']).'/data';if (!is_dir($wgSQLiteDataDir)) mkdir($wgSQLiteDataDir,0700);
This default sounds a bit insecure, as the raw database files would be exposed to the web unless PHP's running as a different user from the static web server.
That means deleted data, user email-addresses, password hashes, etc would be exposed to download.
- /**
* Use MySQL's naming (accounts for prefix etc) but remove surrounding backticks*/- function tableName($name) {
$t = parent::tableName($name);if (!empty($t)) $t = substr($t,1,-1);
I believe this will produce bad output for anything using an explicit DB, eg `dbname`.`prefix_table`.
Dunno whether that'd actually work here anyway, though. :)
- -- brion vibber (brion @ wikimedia.org)