Merge pull request #6645 from nextcloud/fix-6642-only-colons-for-ipv6

Only allow colons in db host for IPv6 addresses

lib/private/Setup.php

@@ -42,6 +42,8 @@ namespace OC;
 use bantu\IniGetWrapper\IniGetWrapper;
 use Exception;
 use OC\App\AppStore\Bundles\BundleFetcher;
+use OC\Authentication\Token\DefaultTokenCleanupJob;
+use OC\Authentication\Token\DefaultTokenProvider;
 use OCP\Defaults;
 use OCP\IL10N;
 use OCP\ILogger;
@@ -84,7 +86,7 @@ class Setup {
 		$this->random = $random;
 	}
 
-	static $dbSetupClasses = [
+	static protected $dbSetupClasses = [
 		'mysql' => \OC\Setup\MySQL::class,
 		'pgsql' => \OC\Setup\PostgreSQL::class,
 		'oci'   => \OC\Setup\OCI::class,
@@ -127,33 +129,33 @@ class Setup {
 	 * @throws Exception
 	 */
 	public function getSupportedDatabases($allowAllDatabases = false) {
-		$availableDatabases = array(
-			'sqlite' =>  array(
+		$availableDatabases = [
+			'sqlite' =>  [
 				'type' => 'pdo',
 				'call' => 'sqlite',
-				'name' => 'SQLite'
-			),
-			'mysql' => array(
+				'name' => 'SQLite',
+			],
+			'mysql' => [
 				'type' => 'pdo',
 				'call' => 'mysql',
-				'name' => 'MySQL/MariaDB'
-			),
-			'pgsql' => array(
+				'name' => 'MySQL/MariaDB',
+			],
+			'pgsql' => [
 				'type' => 'pdo',
 				'call' => 'pgsql',
-				'name' => 'PostgreSQL'
-			),
-			'oci' => array(
+				'name' => 'PostgreSQL',
+			],
+			'oci' => [
 				'type' => 'function',
 				'call' => 'oci_connect',
-				'name' => 'Oracle'
-			)
-		);
+				'name' => 'Oracle',
+			],
+		];
 		if ($allowAllDatabases) {
 			$configuredDatabases = array_keys($availableDatabases);
 		} else {
 			$configuredDatabases = $this->config->getValue('supportedDatabases',
-				array('sqlite', 'mysql', 'pgsql'));
+				['sqlite', 'mysql', 'pgsql']);
 		}
 		if(!is_array($configuredDatabases)) {
 			throw new Exception('Supported databases are not properly configured.');
@@ -170,7 +172,7 @@ class Setup {
 				if ($type === 'function') {
 					$working = $this->is_callable($call);
 				} elseif($type === 'pdo') {
-					$working = in_array($call, $this->getAvailableDbDriversForPdo(), TRUE);
+					$working = in_array($call, $this->getAvailableDbDriversForPdo(), true);
 				}
 				if($working) {
 					$supportedDatabases[$database] = $availableDatabases[$database]['name'];
@@ -193,7 +195,7 @@ class Setup {
 
 		$dataDir = $this->config->getValue('datadirectory', \OC::$SERVERROOT.'/data');
 
-		$errors = array();
+		$errors = [];
 
 		// Create data directory to test whether the .htaccess works
 		// Notice that this is not necessarily the same data directory as the one
@@ -204,40 +206,40 @@ class Setup {
 		$htAccessWorking = true;
 		if (is_dir($dataDir) && is_writable($dataDir)) {
 			// Protect data directory here, so we can test if the protection is working
-			\OC\Setup::protectDataDirectory();
+			self::protectDataDirectory();
 
 			try {
 				$util = new \OC_Util();
 				$htAccessWorking = $util->isHtaccessWorking(\OC::$server->getConfig());
 			} catch (\OC\HintException $e) {
-				$errors[] = array(
+				$errors[] = [
 					'error' => $e->getMessage(),
-					'hint' => $e->getHint()
-				);
+					'hint' => $e->getHint(),
+				];
 				$htAccessWorking = false;
 			}
 		}
 
 		if (\OC_Util::runningOnMac()) {
-			$errors[] = array(
+			$errors[] = [
 				'error' => $this->l10n->t(
 					'Mac OS X is not supported and %s will not work properly on this platform. ' .
 					'Use it at your own risk! ',
 					[$this->defaults->getName()]
 				),
-				'hint' => $this->l10n->t('For the best results, please consider using a GNU/Linux server instead.')
-			);
+				'hint' => $this->l10n->t('For the best results, please consider using a GNU/Linux server instead.'),
+			];
 		}
 
 		if($this->iniWrapper->getString('open_basedir') !== '' && PHP_INT_SIZE === 4) {
-			$errors[] = array(
+			$errors[] = [
 				'error' => $this->l10n->t(
 					'It seems that this %s instance is running on a 32-bit PHP environment and the open_basedir has been configured in php.ini. ' .
 					'This will lead to problems with files over 4 GB and is highly discouraged.',
 					[$this->defaults->getName()]
 				),
-				'hint' => $this->l10n->t('Please remove the open_basedir setting within your php.ini or switch to 64-bit PHP.')
-			);
+				'hint' => $this->l10n->t('Please remove the open_basedir setting within your php.ini or switch to 64-bit PHP.'),
+			];
 		}
 
 		return array(
@@ -286,14 +288,15 @@ class Setup {
 		$error = array_merge($error, $dbSetup->validate($options));
 
 		// validate the data directory
-		if (
-			(!is_dir($dataDir) and !mkdir($dataDir)) or
-			!is_writable($dataDir)
-		) {
+		if ((!is_dir($dataDir) && !mkdir($dataDir)) || !is_writable($dataDir)) {
 			$error[] = $l->t("Can't create or write into the data directory %s", array($dataDir));
 		}
 
-		if(count($error) != 0) {
+		if (!$this->validateDatabaseHost($options['dbhost'])) {
+			$error[] = $l->t('Given database host is invalid and must not contain the port: %s', [$options['dbhost']]);
+		}
+
+		if (!empty($error)) {
 			return $error;
 		}
 
@@ -308,8 +311,8 @@ class Setup {
 		}
 
 		//use sqlite3 when available, otherwise sqlite2 will be used.
-		if($dbType=='sqlite' and class_exists('SQLite3')) {
-			$dbType='sqlite3';
+		if ($dbType === 'sqlite' && class_exists('SQLite3')) {
+			$dbType = 'sqlite3';
 		}
 
 		//generate a random salt that is used to salt the local user passwords
@@ -334,17 +337,17 @@ class Setup {
 			// apply necessary migrations
 			$dbSetup->runMigrations();
 		} catch (\OC\DatabaseSetupException $e) {
-			$error[] = array(
+			$error[] = [
 				'error' => $e->getMessage(),
-				'hint' => $e->getHint()
-			);
-			return($error);
+				'hint' => $e->getHint(),
+			];
+			return $error;
 		} catch (Exception $e) {
-			$error[] = array(
+			$error[] = [
 				'error' => 'Error while trying to create admin user: ' . $e->getMessage(),
-				'hint' => ''
-			);
-			return($error);
+				'hint' => '',
+			];
+			return $error;
 		}
 
 		//create the user and group
@@ -358,7 +361,7 @@ class Setup {
 			$error[] = $exception->getMessage();
 		}
 
-		if(count($error) == 0) {
+		if (empty($error)) {
 			$config = \OC::$server->getConfig();
 			$config->setAppValue('core', 'installedat', microtime(true));
 			$config->setAppValue('core', 'lastupdatedat', microtime(true));
@@ -389,8 +392,8 @@ class Setup {
 			file_put_contents($config->getSystemValue('datadirectory', \OC::$SERVERROOT.'/data').'/.ocdata', '');
 
 			// Update .htaccess files
-			Setup::updateHtaccess();
-			Setup::protectDataDirectory();
+			self::updateHtaccess();
+			self::protectDataDirectory();
 
 			self::installBackgroundJobs();
 
@@ -401,7 +404,7 @@ class Setup {
 			// The token provider requires a working db, so it's not injected on setup
 			/* @var $userSession User\Session */
 			$userSession = \OC::$server->getUserSession();
-			$defaultTokenProvider = \OC::$server->query('OC\Authentication\Token\DefaultTokenProvider');
+			$defaultTokenProvider = \OC::$server->query(DefaultTokenProvider::class);
 			$userSession->setTokenProvider($defaultTokenProvider);
 			$userSession->login($username, $password);
 			$userSession->createSessionToken($request, $userSession->getUser()->getUID(), $username, $password);
@@ -410,8 +413,20 @@ class Setup {
 		return $error;
 	}
 
+	/**
+	 * @param string $host
+	 * @return bool
+	 */
+	protected function validateDatabaseHost($host) {
+		if (strpos($host, ':') === false) {
+			return true;
+		}
+
+		return filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
+	}
+
 	public static function installBackgroundJobs() {
-		\OC::$server->getJobList()->add('\OC\Authentication\Token\DefaultTokenCleanupJob');
+		\OC::$server->getJobList()->add(DefaultTokenCleanupJob::class);
 	}
 
 	/**