From bc46722902c63aa492b737a40592ae7e82c8963d Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Mon, 6 Dec 2010 13:20:01 +0000 Subject: [PATCH] * Made it possible to run multiple installer instances in the same cookie domain without them overwriting or misinterpreting each others' sessions. This is mostly paranoia: one could imagine a situation where the installer from one version of MW becomes insecure when run on the session from another. Did this by making installerData an array indexed by a hash of path and $wgVersion. I could have used $wgCookiePrefix, but that would have broken NoLocalSettings.php, which has no access to AutoLoader and so can't access Installer methods. * Moved most of the functionality of config/index.php from the file level to a function, so that we can have local variables. --- config/index.php | 45 ++++++++++++++++++----------- includes/installer/WebInstaller.php | 21 +++++++++++++- 2 files changed, 48 insertions(+), 18 deletions(-) diff --git a/config/index.php b/config/index.php index e743151996..9c395e5874 100644 --- a/config/index.php +++ b/config/index.php @@ -11,27 +11,38 @@ define( 'MEDIAWIKI_INSTALL', true ); chdir( ".." ); require( './includes/WebStart.php' ); -$installer = new WebInstaller( $wgRequest ); +wfInstallerMain(); -if ( !$installer->startSession() ) { - $installer->finish(); - exit; -} +function wfInstallerMain() { + global $wgRequest, $wgLang, $wgMetaNamespace, $wgCanonicalNamespaceNames; -$session = isset( $_SESSION['installData'] ) ? $_SESSION['installData'] : array(); + $installer = new WebInstaller( $wgRequest ); -if ( isset( $session['settings']['_UserLang'] ) ) { - $langCode = $session['settings']['_UserLang']; -} elseif ( !is_null( $wgRequest->getVal( 'UserLang' ) ) ) { - $langCode = $wgRequest->getVal( 'UserLang' ); -} else { - $langCode = 'en'; -} -$wgLang = Language::factory( $langCode ); + if ( !$installer->startSession() ) { + $installer->finish(); + exit; + } + + $fingerprint = $installer->getFingerprint(); + if ( isset( $_SESSION['installData'][$fingerprint] ) ) { + $session = $_SESSION['installData'][$fingerprint]; + } else { + $session = array(); + } -$wgMetaNamespace = $wgCanonicalNamespaceNames[NS_PROJECT]; + if ( isset( $session['settings']['_UserLang'] ) ) { + $langCode = $session['settings']['_UserLang']; + } elseif ( !is_null( $wgRequest->getVal( 'UserLang' ) ) ) { + $langCode = $wgRequest->getVal( 'UserLang' ); + } else { + $langCode = 'en'; + } + $wgLang = Language::factory( $langCode ); -$session = $installer->execute( $session ); + $wgMetaNamespace = $wgCanonicalNamespaceNames[NS_PROJECT]; -$_SESSION['installData'] = $session; + $session = $installer->execute( $session ); + $_SESSION['installData'][$fingerprint] = $session; + +} diff --git a/includes/installer/WebInstaller.php b/includes/installer/WebInstaller.php index fa1a12abd4..a676d93081 100644 --- a/includes/installer/WebInstaller.php +++ b/includes/installer/WebInstaller.php @@ -331,6 +331,25 @@ class WebInstaller extends CoreInstaller { return count( $parts ) == 1 ? $parts[0] : $parts[1]; } + /** + * Get a hash of data identifying this MW installation. + * + * This is used by config/index.php to prevent multiple installations of MW + * on the same cookie domain from interfering with each other. + */ + public function getFingerprint() { + // Get the base URL of the installation + $url = $this->request->getFullRequestURL(); + if ( preg_match( '!^(.*)/[^/]*/[^/]*$!', $url, $m ) ) { + $url = $m[1]; + } + return md5( serialize( array( + 'local path' => dirname( dirname( __FILE__ ) ), + 'url' => $url, + 'version' => $GLOBALS['wgVersion'] + ) ) ); + } + /** * Show an error message in a box. Parameters are like wfMsg(). */ @@ -929,4 +948,4 @@ class WebInstaller extends CoreInstaller { return $url; } -} \ No newline at end of file +} -- 2.20.1