1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-21 16:13:00 +00:00

StorageBox: Fix crash when index.php is a symlink

This commit is contained in:
Starbeamrainbowlabs 2022-02-27 15:56:34 +00:00
parent d99ca1685c
commit bb9a56f59a
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
2 changed files with 4 additions and 4 deletions

View file

@ -19,7 +19,8 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
- [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) - [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
- [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to) - [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to)
- [security] Fixed XSS when the `action` GET param doesn't match a known action - [security] Fixed XSS when the `action` GET param doesn't match a known action
- StorageBox: create SQLite DB ifi it doesn't exist explicitly with `touch()`, because some systems are weird - StorageBox: Create SQLite DB if it doesn't exist explicitly with `touch()`, because some systems are weird
- StorageBox: Fix crash when `index.php` is a symbolic link
- Fixed erroneous additional entries in complex tables of contents - Fixed erroneous additional entries in complex tables of contents

View file

@ -54,9 +54,8 @@ class StorageBox {
*/ */
function __construct(string $filename) { function __construct(string $filename) {
$firstrun = !file_exists($filename); $firstrun = !file_exists($filename);
$filename_db = path_resolve($filename, __DIR__); if(!file_exists($filename)) touch($filename);
if(!file_exists($filename_db)) touch($filename_db); $this->db = new \PDO("sqlite:$filename"); // HACK: This might not work on some systems, because it depends on the current working directory
$this->db = new \PDO("sqlite:$filename_db"); // HACK: This might not work on some systems, because it depends on the current working directory
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if($firstrun) { if($firstrun) {
$this->query("CREATE TABLE IF NOT EXISTS store (key TEXT UNIQUE NOT NULL, value TEXT)"); $this->query("CREATE TABLE IF NOT EXISTS store (key TEXT UNIQUE NOT NULL, value TEXT)");