From bc897063c822ee90fb23abf5189cc2b95e1a4f76 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 22 Sep 2018 03:15:58 -0400
Subject: database: Fix bug in function checkConfig()

Because of how this function was implemented, any failure during database instance construction is treated the same way. IE. we cannot tell the difference between 'no db config' (as is the initial default state) and a 'bad db config' (either bogus data, or the server happens to be down).

Because of this, if, after the database access is initially set up, access to the db becomes unavailable or someone makes a bad edit to the dbconfig.php file, Scrott behaves as if it is being configured for the first time. This is *dangerous* behavior! (unexpected, at the least)

The implication of this is that if Scrott's database access is ever incidentally interrupted, the very next visitor to the site is offered the chance to (silently) reconfigure the server to point to any database of his choosing.

This patch updates the checkConfig() function to only 'soft fail' (return false) in the case where the configuration is _actually_ missing. IE. $_SCROTT['conf'] is not defined. This function will otherwise pass through any and all exceptions which result from instantiating the database instance and will only return true if both of these steps succeed.

--- app/class/database.class.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/app/class/database.class.php b/app/class/database.class.php index 3d94e16..a2cab42 100644 --- a/app/class/database.class.php +++ b/app/class/database.class.php @@ -104,15 +104,12 @@ abstract class database */ public static function checkConfig() : bool { - try - { - $db = self::getInstance(); - } - catch (Exception $e) - { + global $_SCROTT; + + if (!isset($_SCROTT['conf'])) return false; - } + $db = self::getInstance(); return true; } -- cgit v1.2.3
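Review bot: checkConfig() can now throw from the added `$db = self::getInstance();` line, but the docblock that closes just above the signature is not touched by this hunk, so the documented contract still reads as a plain true/false check. Please add an @throws entry there and confirm that every caller either catches the exception or is covered by a top-level handler that does not echo connection details to the visitor, since callers written against the old behaviour expected only a bool. The false branch now hinges entirely on `isset($_SCROTT['conf'])`, so it is worth stating in the same docblock that false means "no configuration defined" and nothing else. Minor: `$db` is assigned and never read; calling `self::getInstance();` without the assignment makes it clear the call is made only for its failure behaviour.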