From 7b9dfd097cbc32f8a45ff40183d093ec76a7dc21 Mon Sep 17 00:00:00 2001
From: Max Semenik <maxsem@users.mediawiki.org>
Date: Wed, 23 Feb 2011 12:35:11 +0000
Subject: [PATCH] (bug 20244) Installer does not validate SQLite database
 directory for stable path.

This is a must for 1.17 so adding a note to HISTORY instead of RELEASE-NOTES
---
 HISTORY                                |  1 +
 includes/installer/SqliteInstaller.php | 26 ++++++++++++++++++++------
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/HISTORY b/HISTORY
index 8c2dc7c603..dd0870ade0 100644
--- a/HISTORY
+++ b/HISTORY
@@ -450,6 +450,7 @@ LocalSettings.php. The specific bugs are listed below in the general notes.
 * rebuildFileCache.php no longer creates inappropriate cache files for redirects
 * (bug 18372) $wgFileExtensions will now override $wgFileBlacklist 
 * (bug 25512) Subcategory list should not include category prefix for members.
+* (bug 20244) Installer does not validate SQLite database directory for stable path
 
 === API changes in 1.17 ===
 * (bug 22738) Allow filtering by action type on query=logevent.
diff --git a/includes/installer/SqliteInstaller.php b/includes/installer/SqliteInstaller.php
index 0daf37fccc..6b57d18582 100644
--- a/includes/installer/SqliteInstaller.php
+++ b/includes/installer/SqliteInstaller.php
@@ -45,16 +45,30 @@ class SqliteInstaller extends DatabaseInstaller {
 			$this->getTextBox( 'wgDBname', 'config-db-name', array(), $this->parent->getHelpBox( 'config-sqlite-name-help' ) );
 	}
 
+	/*
+	 * Safe wrapper for PHP's realpath() that fails gracefully if it's unable to canonicalize the path.
+	 */
+	private static function realpath( $path ) {
+		$result = realpath( $path );
+		if ( !$result ) {
+			return $path;
+		}
+		return $result;
+	}
+
 	public function submitConnectForm() {
 		$this->setVarsFromRequest( array( 'wgSQLiteDataDir', 'wgDBname' ) );
 
-		$dir = realpath( $this->getVar( 'wgSQLiteDataDir' ) );
-		if ( !$dir ) {
-			// realpath() sometimes fails, especially on Windows
-			$dir = $this->getVar( 'wgSQLiteDataDir' );
+		# Try realpath() if the directory already exists
+		$dir = self::realpath( $this->getVar( 'wgSQLiteDataDir' ) );
+		$result = self::dataDirOKmaybeCreate( $dir, true /* create? */ );
+		if ( $result->isOK() )
+		{
+			# Try expanding again in case we've just created it
+			$dir = self::realpath( $dir );
+			$this->setVar( 'wgSQLiteDataDir', $dir );
 		}
-		$this->setVar( 'wgSQLiteDataDir', $dir );
-		return self::dataDirOKmaybeCreate( $dir, true /* create? */ );
+		return $result;
 	}
 
 	private static function dataDirOKmaybeCreate( $dir, $create = false ) {
-- 
2.20.1