Bugfix: user is not allowed #15187
Bugfix: user is not allowed #15187
Conversation
The created user don't has permission to connect to database. I changed the code to give permission Signed-off-by: Vitor Mattos <vitor@php.rio>
vitormattos
force-pushed
the
bugfix-create-database-user
branch
from
1157db1 to
824cc0a
Compare
Signed-off-by: Vitor Mattos <vitor@php.rio>
|
I believe that continuous integration is in trouble. The status is that it is still running. Another point is that the tests that broke in my PR are not influenced by my PR. |
Signed-off-by: Vitor Mattos <vitor@php.rio>
|
@shyim done! |
|
Hello @nickvergessen! |
|
@icewind1991 mind to have a look and check? |
|
Hello everybody! |
|
Can we plan this for the next release? nextcloud/docker#345 is a frequently discussed issue. |
|
@J0WI I don't like these create database / database user code. Would it be a problem for the docker images if we remove those? Nextcloud should use the database / database user provided. |
|
In case it helps: I tried this little patch on my system and it finally worked. |
|
I would also say that using credentials other than provided is super confusing and I was blaming the |
That's fine for Docker. It can already be created in the database container. |
|
Oh... I see, power of opensource 👍 |
|
@rullzer have any pending for me to do in this PR? |
MorrisJobke
modified the milestones:
Nextcloud 16.0.2,
Nextcloud 16.0.3,
Nextcloud 16.0.4
|
Merge? I dont need to use volume ( of course DB is needed ) and this will not work, but it should work.. |
|
Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 |
|
/backport to stable16 |
|
/backport to stable15 |
|
/backport to stable14 |
|
The backport to stable16 failed. Please do this backport manually. |
|
The backport to stable15 failed. Please do this backport manually. |
|
The backport to stable14 failed. Please do this backport manually. |
| @@ -154,6 +154,10 @@ private function createDBUser(IDBConnection $connection) { | |||
| // create the user | |||
| $query = $connection->prepare("CREATE USER " . addslashes($this->dbUser) . " CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'"); | |||
| $query->execute(); | |||
| if ($this->databaseExists($connection)) { | |||
| $query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO '.addslashes($this->dbUser)); | |||
There was a problem hiding this comment.
Given that this is using ->prepare, shouldn't this be using ? and arguments instead of addslashes?
(https://www.php.net/addslashes -- "The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.")
I think this is one of the roots of what's being discussed over in docker-library/official-images#6252 (comment) (in PostgreSQL, - needs to be escaped, but addslashes won't do so, for example).
This reverts commit 4df6f79. The upstream bug has been fixed in nextcloud/server#15187
This reverts commit 4df6f79. The upstream bug has been fixed in nextcloud/server#15187 Signed-off-by: J0WI <J0WI@users.noreply.github.com>
This reverts commit 4df6f79. The upstream bug has been fixed in nextcloud/server#15187 Signed-off-by: J0WI <J0WI@users.noreply.github.com>
…cloud#961) This reverts commit 4df6f79. The upstream bug has been fixed in nextcloud/server#15187 Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
Please backport manually |
|
Not needed anymore as it is in 17+ and 16 goes EOL soon |
This reverts commit 4df6f79. The upstream bug has been fixed in nextcloud/server#15187 Signed-off-by: J0WI <J0WI@users.noreply.github.com>
The created user using PostgreSQL database don't has permission to connect to database.
I changed the code to give permission
resolve #11311