upgrade.php @ 4027:c402f895a2c9

Visit:

Revision 4027:c402f895a2c9, 34.9 KB checked in by franck <carnet.franck.paul@…>, 6 years ago (diff)
Fix SQL request for CSP unsafe-inline setting ; closes #2299

Line
1	<?php
2	/**
3	* @brief Dotclear upgrade procedure
4	*
5	* @package Dotclear
6	* @subpackage Core
7	*
8	* @copyright Olivier Meunier & Association Dotclear
9	* @copyright GPL-2.0-only
10	*/
11
12	if (!defined('DC_RC_PATH')) {return;}
13
14	class dcUpgrade
15	{
16	public static function dotclearUpgrade($core)
17	{
18	$version = $core->getVersion('core');
19
20	if ($version === null) {
21	return false;
22	}
23
24	if (version_compare($version, DC_VERSION, '<') == 1 \|\| strpos(DC_VERSION, 'dev')) {
25	try
26	{
27	if ($core->con->driver() == 'sqlite') {
28	return false; // Need to find a way to upgrade sqlite database
29	}
30
31	# Database upgrade
32	$_s = new dbStruct($core->con, $core->prefix);
33	require dirname(__FILE__) . '/db-schema.php';
34
35	$si = new dbStruct($core->con, $core->prefix);
36	$changes = $si->synchronize($_s);
37
38	/* Some other upgrades
39	------------------------------------ */
40	$cleanup_sessions = self::growUp($core, $version);
41
42	# Drop content from session table if changes or if needed
43	if ($changes != 0 \|\| $cleanup_sessions) {
44	$core->con->execute('DELETE FROM ' . $core->prefix . 'session ');
45	}
46
47	# Empty templates cache directory
48	try {
49	$core->emptyTemplatesCache();
50	} catch (Exception $e) {}
51
52	return $changes;
53	} catch (Exception $e) {
54	throw new Exception(__('Something went wrong with auto upgrade:') .
55	' ' . $e->getMessage());
56	}
57	}
58
59	# No upgrade?
60	return false;
61	}
62
63	public static function growUp($core, $version)
64	{
65	if ($version === null) {
66	return false;
67	}
68
69	$cleanup_sessions = false; // update it in a step that needed sessions to be removed
70
71	# Populate media_dir field (since 2.0-beta3.3)
72	if (version_compare($version, '2.0-beta3.3', '<')) {
73	$strReq = 'SELECT media_id, media_file FROM ' . $core->prefix . 'media ';
74	$rs_m = $core->con->select($strReq);
75	while ($rs_m->fetch()) {
76	$cur = $core->con->openCursor($core->prefix . 'media');
77	$cur->media_dir = dirname($rs_m->media_file);
78	$cur->update('WHERE media_id = ' . (integer) $rs_m->media_id);
79	}
80	}
81
82	if (version_compare($version, '2.0-beta7.3', '<')) {
83	# Blowup becomes default theme
84	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
85	"SET setting_value = '%s' " .
86	"WHERE setting_id = 'theme' " .
87	"AND setting_value = '%s' " .
88	'AND blog_id IS NOT NULL ';
89	$core->con->execute(sprintf($strReq, 'blueSilence', 'default'));
90	$core->con->execute(sprintf($strReq, 'default', 'blowup'));
91	}
92
93	if (version_compare($version, '2.1-alpha2-r2383', '<')) {
94	$schema = dbSchema::init($core->con);
95	$schema->dropUnique($core->prefix . 'category', $core->prefix . 'uk_cat_title');
96
97	# Reindex categories
98	$rs = $core->con->select(
99	'SELECT cat_id, cat_title, blog_id ' .
100	'FROM ' . $core->prefix . 'category ' .
101	'ORDER BY blog_id ASC , cat_position ASC '
102	);
103	$cat_blog = $rs->blog_id;
104	$i = 2;
105	while ($rs->fetch()) {
106	if ($cat_blog != $rs->blog_id) {
107	$i = 2;
108	}
109	$core->con->execute(
110	'UPDATE ' . $core->prefix . 'category SET '
111	. 'cat_lft = ' . ($i++) . ', cat_rgt = ' . ($i++) . ' ' .
112	'WHERE cat_id = ' . (integer) $rs->cat_id
113	);
114	$cat_blog = $rs->blog_id;
115	}
116	}
117
118	if (version_compare($version, '2.1.6', '<=')) {
119	# ie7js has been upgraded
120	$ie7files = [
121	'ie7-base64.php ',
122	'ie7-content.htc',
123	'ie7-core.js',
124	'ie7-css2-selectors.js',
125	'ie7-css3-selectors.js',
126	'ie7-css-strict.js',
127	'ie7-dhtml.js',
128	'ie7-dynamic-attributes.js',
129	'ie7-fixed.js',
130	'ie7-graphics.js',
131	'ie7-html4.js',
132	'ie7-ie5.js',
133	'ie7-layout.js',
134	'ie7-load.htc',
135	'ie7-object.htc',
136	'ie7-overflow.js',
137	'ie7-quirks.js',
138	'ie7-server.css',
139	'ie7-standard-p.js',
140	'ie7-xml-extras.js'
141	];
142	foreach ($ie7files as $f) {
143	@unlink(DC_ROOT . '/admin/js/ie7/' . $f);
144	}
145	}
146
147	if (version_compare($version, '2.2-alpha1-r3043', '<')) {
148	# metadata has been integrated to the core.
149	$core->plugins->loadModules(DC_PLUGINS_ROOT);
150	if ($core->plugins->moduleExists('metadata')) {
151	$core->plugins->deleteModule('metadata');
152	}
153
154	# Tags template class has been renamed
155	$sqlstr =
156	'SELECT blog_id, setting_id, setting_value ' .
157	'FROM ' . $core->prefix . 'setting ' .
158	'WHERE (setting_id = \'widgets_nav\' OR setting_id = \'widgets_extra\') ' .
159	'AND setting_ns = \'widgets\';';
160	$rs = $core->con->select($sqlstr);
161	while ($rs->fetch()) {
162	$widgetsettings = base64_decode($rs->setting_value);
163	$widgetsettings = str_replace('s:11:"tplMetadata"', 's:7:"tplTags"', $widgetsettings);
164	$cur = $core->con->openCursor($core->prefix . 'setting');
165	$cur->setting_value = base64_encode($widgetsettings);
166	$sqlstr = 'WHERE setting_id = \'' . $rs->setting_id . '\' AND setting_ns = \'widgets\' ' .
167	'AND blog_id ' .
168	($rs->blog_id == null ? 'is NULL' : '= \'' . $core->con->escape($rs->blog_id) . '\'');
169	$cur->update($sqlstr);
170	}
171	}
172
173	if (version_compare($version, '2.3', '<')) {
174	# Add global favorites
175	$init_fav = [];
176
177	$init_fav['new_post'] = ['new_post', 'New entry', 'post.php',
178	'images/menu/edit.png', 'images/menu/edit-b.png',
179	'usage,contentadmin', null, null];
180	$init_fav['newpage'] = ['newpage', 'New page', 'plugin.php?p=pages&act=page',
181	'index.php?pf=pages/icon-np.png', 'index.php?pf=pages/icon-np-big.png',
182	'contentadmin,pages', null, null];
183	$init_fav['media'] = ['media', 'Media manager', 'media.php',
184	'images/menu/media.png', 'images/menu/media-b.png',
185	'media,media_admin', null, null];
186	$init_fav['widgets'] = ['widgets', 'Presentation widgets', 'plugin.php?p=widgets',
187	'index.php?pf=widgets/icon.png', 'index.php?pf=widgets/icon-big.png',
188	'admin', null, null];
189	$init_fav['blog_theme'] = ['blog_theme', 'Blog appearance', 'blog_theme.php',
190	'images/menu/themes.png', 'images/menu/blog-theme-b.png',
191	'admin', null, null];
192
193	$count = 0;
194	foreach ($init_fav as $k => $f) {
195	$t = ['name' => $f[0], 'title' => $f[1], 'url' => $f[2], 'small-icon' => $f[3],
196	'large-icon' => $f[4], 'permissions' => $f[5], 'id' => $f[6], 'class' => $f[7]];
197	$sqlstr = 'INSERT INTO ' . $core->prefix . 'pref (pref_id, user_id, pref_ws, pref_value, pref_type, pref_label) VALUES (' .
198	'\'' . sprintf("g%03s", $count) . '\',NULL,\'favorites\',\'' . serialize($t) . '\',\'string\',NULL);';
199	$core->con->execute($sqlstr);
200	$count++;
201	}
202
203	# A bit of housecleaning for no longer needed files
204	$remfiles = [
205	'admin/style/cat-bg.png',
206	'admin/style/footer-bg.png',
207	'admin/style/head-logo.png',
208	'admin/style/tab-bg.png',
209	'admin/style/tab-c-l.png',
210	'admin/style/tab-c-r.png',
211	'admin/style/tab-l-l.png',
212	'admin/style/tab-l-r.png',
213	'admin/style/tab-n-l.png',
214	'admin/style/tab-n-r.png',
215	'inc/clearbricks/_common.php',
216	'inc/clearbricks/common/lib.crypt.php',
217	'inc/clearbricks/common/lib.date.php',
218	'inc/clearbricks/common/lib.files.php',
219	'inc/clearbricks/common/lib.form.php',
220	'inc/clearbricks/common/lib.html.php',
221	'inc/clearbricks/common/lib.http.php',
222	'inc/clearbricks/common/lib.l10n.php',
223	'inc/clearbricks/common/lib.text.php',
224	'inc/clearbricks/common/tz.dat',
225	'inc/clearbricks/common/_main.php',
226	'inc/clearbricks/dblayer/class.cursor.php',
227	'inc/clearbricks/dblayer/class.mysql.php',
228	'inc/clearbricks/dblayer/class.pgsql.php',
229	'inc/clearbricks/dblayer/class.sqlite.php',
230	'inc/clearbricks/dblayer/dblayer.php',
231	'inc/clearbricks/dbschema/class.dbschema.php',
232	'inc/clearbricks/dbschema/class.dbstruct.php',
233	'inc/clearbricks/dbschema/class.mysql.dbschema.php',
234	'inc/clearbricks/dbschema/class.pgsql.dbschema.php',
235	'inc/clearbricks/dbschema/class.sqlite.dbschema.php',
236	'inc/clearbricks/diff/lib.diff.php',
237	'inc/clearbricks/diff/lib.unified.diff.php',
238	'inc/clearbricks/filemanager/class.filemanager.php',
239	'inc/clearbricks/html.filter/class.html.filter.php',
240	'inc/clearbricks/html.validator/class.html.validator.php',
241	'inc/clearbricks/image/class.image.meta.php',
242	'inc/clearbricks/image/class.image.tools.php',
243	'inc/clearbricks/mail/class.mail.php',
244	'inc/clearbricks/mail/class.socket.mail.php',
245	'inc/clearbricks/net/class.net.socket.php',
246	'inc/clearbricks/net.http/class.net.http.php',
247	'inc/clearbricks/net.http.feed/class.feed.parser.php',
248	'inc/clearbricks/net.http.feed/class.feed.reader.php',
249	'inc/clearbricks/net.xmlrpc/class.net.xmlrpc.php',
250	'inc/clearbricks/pager/class.pager.php',
251	'inc/clearbricks/rest/class.rest.php',
252	'inc/clearbricks/session.db/class.session.db.php',
253	'inc/clearbricks/template/class.template.php',
254	'inc/clearbricks/text.wiki2xhtml/class.wiki2xhtml.php',
255	'inc/clearbricks/url.handler/class.url.handler.php',
256	'inc/clearbricks/zip/class.unzip.php',
257	'inc/clearbricks/zip/class.zip.php',
258	'themes/default/tpl/.htaccess',
259	'themes/default/tpl/404.html',
260	'themes/default/tpl/archive.html',
261	'themes/default/tpl/archive_month.html',
262	'themes/default/tpl/category.html',
263	'themes/default/tpl/home.html',
264	'themes/default/tpl/post.html',
265	'themes/default/tpl/search.html',
266	'themes/default/tpl/tag.html',
267	'themes/default/tpl/tags.html',
268	'themes/default/tpl/user_head.html',
269	'themes/default/tpl/_flv_player.html',
270	'themes/default/tpl/_footer.html',
271	'themes/default/tpl/_head.html',
272	'themes/default/tpl/_mp3_player.html',
273	'themes/default/tpl/_top.html'
274	];
275	$remfolders = [
276	'inc/clearbricks/common',
277	'inc/clearbricks/dblayer',
278	'inc/clearbricks/dbschema',
279	'inc/clearbricks/diff',
280	'inc/clearbricks/filemanager',
281	'inc/clearbricks/html.filter',
282	'inc/clearbricks/html.validator',
283	'inc/clearbricks/image',
284	'inc/clearbricks/mail',
285	'inc/clearbricks/net',
286	'inc/clearbricks/net.http',
287	'inc/clearbricks/net.http.feed',
288	'inc/clearbricks/net.xmlrpc',
289	'inc/clearbricks/pager',
290	'inc/clearbricks/rest',
291	'inc/clearbricks/session.db',
292	'inc/clearbricks/template',
293	'inc/clearbricks/text.wiki2xhtml',
294	'inc/clearbricks/url.handler',
295	'inc/clearbricks/zip',
296	'inc/clearbricks',
297	'themes/default/tpl'
298	];
299
300	foreach ($remfiles as $f) {
301	@unlink(DC_ROOT . '/' . $f);
302	}
303	foreach ($remfolders as $f) {
304	@rmdir(DC_ROOT . '/' . $f);
305	}
306	}
307
308	if (version_compare($version, '2.3.1', '<')) {
309	# Remove unecessary file
310	@unlink(DC_ROOT . '/' . 'inc/libs/clearbricks/.hgignore');
311	}
312
313	if (version_compare($version, '2.5', '<=')) {
314	# Try to disable daInstaller plugin if it has been installed outside the default plugins directory
315	$path = explode(PATH_SEPARATOR, DC_PLUGINS_ROOT);
316	$default = path::real(dirname(__FILE__) . '/../../plugins/');
317	foreach ($path as $root) {
318	if (!is_dir($root) \|\| !is_readable($root)) {
319	continue;
320	}
321	if (substr($root, -1) != '/') {
322	$root .= '/';
323	}
324	if (($p = @dir($root)) === false) {
325	continue;
326	}
327	if (path::real($root) == $default) {
328	continue;
329	}
330	if (($d = @dir($root . 'daInstaller')) === false) {
331	continue;
332	}
333	$f = $root . '/daInstaller/_disabled';
334	if (!file_exists($f)) {
335	@file_put_contents($f, '');
336	}
337	}
338	}
339
340	if (version_compare($version, '2.5.1', '<=')) {
341	// Flash enhanced upload no longer needed
342	@unlink(DC_ROOT . '/' . 'inc/swf/swfupload.swf');
343	}
344
345	if (version_compare($version, '2.6', '<=')) {
346	// README has been replaced by README.md and CONTRIBUTING.md
347	@unlink(DC_ROOT . '/' . 'README');
348
349	// trackbacks are now merged into posts
350	@unlink(DC_ROOT . '/' . 'admin/trackbacks.php');
351
352	# daInstaller has been integrated to the core.
353	# Try to remove it
354	$path = explode(PATH_SEPARATOR, DC_PLUGINS_ROOT);
355	foreach ($path as $root) {
356	if (!is_dir($root) \|\| !is_readable($root)) {
357	continue;
358	}
359	if (substr($root, -1) != '/') {
360	$root .= '/';
361	}
362	if (($p = @dir($root)) === false) {
363	continue;
364	}
365	if (($d = @dir($root . 'daInstaller')) === false) {
366	continue;
367	}
368	files::deltree($root . '/daInstaller');
369	}
370
371	# Some settings change, prepare db queries
372	$strReqFormat = 'INSERT INTO ' . $core->prefix . 'setting';
373	$strReqFormat .= ' (setting_id,setting_ns,setting_value,setting_type,setting_label)';
374	$strReqFormat .= ' VALUES(\'%s\',\'system\',\'%s\',\'string\',\'%s\')';
375
376	$strReqSelect = 'SELECT count(1) FROM ' . $core->prefix . 'setting';
377	$strReqSelect .= ' WHERE setting_id = \'%s\'';
378	$strReqSelect .= ' AND setting_ns = \'system\'';
379	$strReqSelect .= ' AND blog_id IS NULL';
380
381	# Add date and time formats
382	$date_formats = ['%Y-%m-%d', '%m/%d/%Y', '%d/%m/%Y', '%Y/%m/%d', '%d.%m.%Y', '%b %e %Y', '%e %b %Y', '%Y %b %e',
383	'%a, %Y-%m-%d', '%a, %m/%d/%Y', '%a, %d/%m/%Y', '%a, %Y/%m/%d', '%B %e, %Y', '%e %B, %Y', '%Y, %B %e', '%e. %B %Y',
384	'%A, %B %e, %Y', '%A, %e %B, %Y', '%A, %Y, %B %e', '%A, %Y, %B %e', '%A, %e. %B %Y'];
385	$time_formats = ['%H:%M', '%I:%M', '%l:%M', '%Hh%M', '%Ih%M', '%lh%M'];
386	if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
387	$date_formats = array_map(function ($f) {return str_replace('%e', '%#d', $f);}, $date_formats);
388	}
389
390	$rs = $core->con->select(sprintf($strReqSelect, 'date_formats'));
391	if ($rs->f(0) == 0) {
392	$strReq = sprintf($strReqFormat, 'date_formats', serialize($date_formats), 'Date formats examples');
393	$core->con->execute($strReq);
394	}
395	$rs = $core->con->select(sprintf($strReqSelect, 'time_formats'));
396	if ($rs->f(0) == 0) {
397	$strReq = sprintf($strReqFormat, 'time_formats', serialize($time_formats), 'Time formats examples');
398	$core->con->execute($strReq);
399	}
400
401	# Add repository URL for themes and plugins as daInstaller move to core
402	$rs = $core->con->select(sprintf($strReqSelect, 'store_plugin_url'));
403	if ($rs->f(0) == 0) {
404	$strReq = sprintf($strReqFormat, 'store_plugin_url', 'http://update.dotaddict.org/dc2/plugins.xml', 'Plugins XML feed location');
405	$core->con->execute($strReq);
406	}
407	$rs = $core->con->select(sprintf($strReqSelect, 'store_theme_url'));
408	if ($rs->f(0) == 0) {
409	$strReq = sprintf($strReqFormat, 'store_theme_url', 'http://update.dotaddict.org/dc2/themes.xml', 'Themes XML feed location');
410	$core->con->execute($strReq);
411	}
412	}
413
414	if (version_compare($version, '2.7', '<=')) {
415	# Some new settings should be initialized, prepare db queries
416	$strReqFormat = 'INSERT INTO ' . $core->prefix . 'setting';
417	$strReqFormat .= ' (setting_id,setting_ns,setting_value,setting_type,setting_label)';
418	$strReqFormat .= ' VALUES(\'%s\',\'system\',\'%s\',\'string\',\'%s\')';
419
420	$strReqCount = 'SELECT count(1) FROM ' . $core->prefix . 'setting';
421	$strReqCount .= ' WHERE setting_id = \'%s\'';
422	$strReqCount .= ' AND setting_ns = \'system\'';
423	$strReqCount .= ' AND blog_id IS NULL';
424
425	$strReqSelect = 'SELECT setting_value FROM ' . $core->prefix . 'setting';
426	$strReqSelect .= ' WHERE setting_id = \'%s\'';
427	$strReqSelect .= ' AND setting_ns = \'system\'';
428	$strReqSelect .= ' AND blog_id IS NULL';
429
430	# Add nb of posts for home (first page), copying nb of posts on every page
431	$rs = $core->con->select(sprintf($strReqCount, 'nb_post_for_home'));
432	if ($rs->f(0) == 0) {
433	$rs = $core->con->select(sprintf($strReqSelect, 'nb_post_per_page'));
434	$strReq = sprintf($strReqFormat, 'nb_post_for_home', $rs->f(0), 'Nb of posts on home (first page only)');
435	$core->con->execute($strReq);
436	}
437	}
438
439	if (version_compare($version, '2.8.1', '<=')) {
440	# switch from jQuery 1.11.1 to 1.11.2
441	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
442	" SET setting_value = '1.11.3' " .
443	" WHERE setting_id = 'jquery_version' " .
444	" AND setting_ns = 'system' " .
445	" AND setting_value = '1.11.1' ";
446	$core->con->execute($strReq);
447	# Some new settings should be initialized, prepare db queries
448	$strReq = 'INSERT INTO ' . $core->prefix . 'setting' .
449	' (setting_id,setting_ns,setting_value,setting_type,setting_label)' .
450	' VALUES(\'%s\',\'system\',\'%s\',\'boolean\',\'%s\')';
451	$core->con->execute(sprintf($strReq, 'no_search', '0', 'Disable internal search system'));
452	}
453
454	if (version_compare($version, '2.9', '<=')) {
455	# Some new settings should be initialized, prepare db queries
456	$strReq = 'INSERT INTO ' . $core->prefix . 'setting' .
457	' (setting_id,setting_ns,setting_value,setting_type,setting_label)' .
458	' VALUES(\'%s\',\'system\',\'%s\',\'%s\',\'%s\')';
459	$core->con->execute(
460	sprintf($strReq, 'media_video_width', '400', 'integer', 'Media video insertion width'));
461	$core->con->execute(
462	sprintf($strReq, 'media_video_height', '300', 'integer', 'Media video insertion height'));
463	$core->con->execute(
464	sprintf($strReq, 'media_flash_fallback', '1', 'boolean', 'Flash player fallback for audio and video media'));
465
466	# Some settings and prefs should be moved from string to array
467	self::settings2array('system', 'date_formats');
468	self::settings2array('system', 'time_formats');
469	self::settings2array('antispam', 'antispam_filters');
470	self::settings2array('pings', 'pings_uris');
471	self::settings2array('system', 'simpleMenu');
472	self::prefs2array('dashboard', 'favorites');
473	}
474
475	if (version_compare($version, '2.9.1', '<=')) {
476	# Some settings and prefs should be moved from string to array
477	self::prefs2array('dashboard', 'favorites');
478	self::prefs2array('interface', 'media_last_dirs');
479	}
480
481	if (version_compare($version, '2.10', '<')) {
482	@unlink(DC_ROOT . '/' . 'admin/js/jsUpload/vendor/jquery.ui.widget.js');
483	@rmdir(DC_ROOT . '/' . 'admin/js/jsUpload/vendor');
484
485	# Create new var directory and its .htaccess file
486	@files::makeDir(DC_VAR);
487	$f = DC_VAR . '/.htaccess';
488	if (!file_exists($f)) {
489	@file_put_contents($f, 'Require all denied' . "\n" . 'Deny from all' . "\n");
490	}
491
492	# Some new settings should be initialized, prepare db queries
493	$strReq = 'INSERT INTO ' . $core->prefix . 'setting' .
494	' (setting_id,setting_ns,setting_value,setting_type,setting_label)' .
495	' VALUES(\'%s\',\'system\',\'%s\',\'%s\',\'%s\')';
496	# Import feed control
497	$core->con->execute(
498	sprintf($strReq, 'import_feed_url_control', true, 'boolean', 'Control feed URL before import'));
499	$core->con->execute(
500	sprintf($strReq, 'import_feed_no_private_ip', true, 'boolean', 'Prevent import feed from private IP'));
501	$core->con->execute(
502	sprintf($strReq, 'import_feed_ip_regexp', '', 'string', 'Authorize import feed only from this IP regexp'));
503	$core->con->execute(
504	sprintf($strReq, 'import_feed_port_regexp', '/^(80\|443)$/', 'string', 'Authorize import feed only from this port regexp'));
505	# CSP directive (admin part)
506	$core->con->execute(
507	sprintf($strReq, 'csp_admin_on', true, 'boolean', 'Send CSP header (admin)'));
508	$core->con->execute(
509	sprintf($strReq, 'csp_admin_default', "''self''", 'string', 'CSP default-src directive'));
510	$core->con->execute(
511	sprintf($strReq, 'csp_admin_script', "''self'' ''unsafe-inline'' ''unsafe-eval''", 'string', 'CSP script-src directive'));
512	$core->con->execute(
513	sprintf($strReq, 'csp_admin_style', "''self'' ''unsafe-inline''", 'string', 'CSP style-src directive'));
514	$core->con->execute(
515	sprintf($strReq, 'csp_admin_img', "''self'' data: media.dotaddict.org", 'string', 'CSP img-src directive'));
516	}
517
518	if (version_compare($version, '2.11', '<')) {
519	// Remove the CSP report file from it's old place
520	@unlink(DC_ROOT . '/admin/csp_report.txt');
521
522	# Some new settings should be initialized, prepare db queries
523	$strReq = 'INSERT INTO ' . $core->prefix . 'setting' .
524	' (setting_id,setting_ns,setting_value,setting_type,setting_label)' .
525	' VALUES(\'%s\',\'system\',\'%s\',\'%s\',\'%s\')';
526	$core->con->execute(
527	sprintf($strReq, 'csp_admin_report_only', false, 'boolean', 'CSP Report only violations (admin)'));
528
529	// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
530	// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
531	$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
532	$csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : ''; // Hack for SQlite Clearbricks driver
533
534	# Try to fix some CSP directive wrongly stored for SQLite drivers
535	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
536	" SET setting_value = '" . $csp_prefix . "''self''" . $csp_suffix . "' " .
537	" WHERE setting_id = 'csp_admin_default' " .
538	" AND setting_ns = 'system' " .
539	" AND setting_value = 'self' ";
540	$core->con->execute($strReq);
541	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
542	" SET setting_value = '" . $csp_prefix . "''self'' ''unsafe-inline'' ''unsafe-eval''" . $csp_suffix . "' " .
543	" WHERE setting_id = 'csp_admin_script' " .
544	" AND setting_ns = 'system' " .
545	" AND setting_value = 'self'' ''unsafe-inline'' ''unsafe-eval' ";
546	$core->con->execute($strReq);
547	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
548	" SET setting_value = '" . $csp_prefix . "''self'' ''unsafe-inline''" . $csp_suffix . "' " .
549	" WHERE setting_id = 'csp_admin_style' " .
550	" AND setting_ns = 'system' " .
551	" AND setting_value = 'self'' ''unsafe-inline' ";
552	$core->con->execute($strReq);
553	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
554	" SET setting_value = '" . $csp_prefix . "''self'' data: media.dotaddict.org blob:' " .
555	" WHERE setting_id = 'csp_admin_img' " .
556	" AND setting_ns = 'system' " .
557	" AND setting_value = 'self'' data: media.dotaddict.org' ";
558	$core->con->execute($strReq);
559
560	# Update CSP img-src default directive
561	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
562	" SET setting_value = '" . $csp_prefix . "''self'' data: media.dotaddict.org blob:' " .
563	" WHERE setting_id = 'csp_admin_img' " .
564	" AND setting_ns = 'system' " .
565	" AND setting_value = '''self'' data: media.dotaddict.org' ";
566	$core->con->execute($strReq);
567
568	# Update first publication on published posts
569	$strReq = 'UPDATE ' . $core->prefix . 'post ' .
570	'SET post_firstpub = 1 ' .
571	'WHERE post_status = 1 ';
572	$core->con->execute($strReq);
573
574	# A bit of housecleaning for no longer needed files
575	$remfiles = [
576	'admin/js/jquery/jquery.modal.js',
577	'admin/style/modal/close.png',
578	'admin/style/modal/loader.gif',
579	'admin/style/modal/modal.css',
580	'admin/js/dragsort-tablerows.js',
581	'admin/js/tool-man/cookies.js',
582	'admin/js/tool-man/coordinates.js',
583	'admin/js/tool-man/core.js',
584	'admin/js/tool-man/css.js',
585	'admin/js/tool-man/drag.js',
586	'admin/js/tool-man/dragsort.js',
587	'admin/js/tool-man/events.js',
588	'admin/js/ie7/IE7.js',
589	'admin/js/ie7/IE8.js',
590	'admin/js/ie7/IE9.js',
591	'admin/js/ie7/blank.gif',
592	'admin/js/ie7/ie7-hashchange.js',
593	'admin/js/ie7/ie7-recalc.js',
594	'admin/js/ie7/ie7-squish.js',
595	'admin/style/iesucks.css',
596	'plugins/tags/js/jquery.autocomplete.js',
597	'theme/ductile/ie.css'
598	];
599	$remfolders = [
600	'admin/style/modal',
601	'admin/js/tool-man',
602	'admin/js/ie7'
603	];
604
605	foreach ($remfiles as $f) {
606	@unlink(DC_ROOT . '/' . $f);
607	}
608	foreach ($remfolders as $f) {
609	@rmdir(DC_ROOT . '/' . $f);
610	}
611	}
612
613	if (version_compare($version, '2.12', '<')) {
614	# switch from jQuery 2.2.0 to 2.2.4
615	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
616	" SET setting_value = '2.2.4' " .
617	" WHERE setting_id = 'jquery_version' " .
618	" AND setting_ns = 'system' " .
619	" AND setting_value = '2.2.0' ";
620	$core->con->execute($strReq);
621	}
622
623	if (version_compare($version, '2.12.2', '<')) {
624	// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
625	// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
626	$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
627
628	# Update CSP img-src default directive
629	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
630	" SET setting_value = '" . $csp_prefix . "''self'' data: http://media.dotaddict.org blob:' " .
631	" WHERE setting_id = 'csp_admin_img' " .
632	" AND setting_ns = 'system' " .
633	" AND setting_value = '" . $csp_prefix . "''self'' data: media.dotaddict.org blob:' ";
634	$core->con->execute($strReq);
635	}
636
637	if (version_compare($version, '2.14', '<')) {
638	// File not more needed
639	@unlink(DC_ROOT . '/' . 'admin/js/jquery/jquery.bgFade.js');
640	}
641
642	if (version_compare($version, '2.14.3', '<')) {
643	# Update flie exclusion upload regex
644	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
645	" SET setting_value = '/\\.(phps?\|pht(ml)?\|phl\|.?html?\|xml\|js\|htaccess)[0-9]*$/i' " .
646	" WHERE setting_id = 'media_exclusion' " .
647	" AND setting_ns = 'system' " .
648	" AND (setting_value = '/\\.php[0-9]*$/i' " .
649	" OR setting_value = '/\\.php$/i') " .
650	" OR setting_value = '/\\.(phps?\|pht(ml)?\|phl)[0-9]*$/i' " .
651	" OR setting_value = '/\\.(phps?\|pht(ml)?\|phl\|s?html?\|js)[0-9]*$/i'" .
652	" OR setting_value = '/\\.(phps?\|pht(ml)?\|phl\|s?html?\|js\|htaccess)[0-9]*$/i'";
653	$core->con->execute($strReq);
654	}
655
656	if (version_compare($version, '2.15', '<')) {
657	# switch from jQuery 1.11.3 to 1.12.4
658	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
659	" SET setting_value = '1.12.4' " .
660	" WHERE setting_id = 'jquery_version' " .
661	" AND setting_ns = 'system' " .
662	" AND setting_value = '1.11.3' ";
663	$core->con->execute($strReq);
664
665	# A bit of housecleaning for no longer needed files
666	$remfiles = [
667	'plugins/dcLegacyEditor/tpl/index.tpl',
668	'plugins/dcCKEditor/tpl/index.tpl'
669	];
670	foreach ($remfiles as $f) {
671	@unlink(DC_ROOT . '/' . $f);
672	}
673
674	}
675
676	if (version_compare($version, '2.15.1', '<')) {
677	// Remove unsafe-inline from CSP script directives
678	$strReq = 'UPDATE ' . $core->prefix . 'setting ' .
679	" SET setting_value = REPLACE(setting_value, '''unsafe-inline''', '') " .
680	" WHERE setting_id = 'csp_admin_script' " .
681	" AND setting_ns = 'system' ";
682	$core->con->execute($strReq);
683	}
684
685	$core->setVersion('core', DC_VERSION);
686	$core->blogDefaults();
687
688	return $cleanup_sessions;
689	}
690
691	/**
692	* Convert old-fashion serialized array setting to new-fashion json encoded array
693	* @param $ns namespace
694	* @param $setting setting name (id)
695	*/
696	public static function settings2array($ns, $setting)
697	{
698	global $core;
699
700	$strReqSelect =
701	"SELECT setting_id,blog_id,setting_ns,setting_type,setting_value FROM " . $core->prefix . "setting " .
702	"WHERE setting_id = '%s' " .
703	"AND setting_ns = '%s' " .
704	"AND setting_type = 'string'";
705	$rs = $core->con->select(sprintf($strReqSelect, $setting, $ns));
706	while ($rs->fetch()) {
707	$value = @unserialize($rs->setting_value);
708	if (!$value) {
709	$value = [];
710	}
711	settype($value, 'array');
712	$value = json_encode($value);
713	$rs2 = "UPDATE " . $core->prefix . "setting " .
714	"SET setting_type='array', setting_value = '" . $core->con->escape($value) . "' " .
715	"WHERE setting_id='" . $core->con->escape($rs->setting_id) . "' " .
716	"AND setting_ns='" . $core->con->escape($rs->setting_ns) . "' ";
717	if ($rs->blog_id == '') {
718	$rs2 .= "AND blog_id IS null";
719	} else {
720	$rs2 .= "AND blog_id = '" . $core->con->escape($rs->blog_id) . "'";
721	}
722	$core->con->execute($rs2);
723	}
724	}
725
726	/**
727	* Convert old-fashion serialized array pref to new-fashion json encoded array
728	* @param $ws workspace
729	* @param $pref pref name (id)
730	*/
731	public static function prefs2array($ws, $pref)
732	{
733	global $core;
734
735	$strReqSelect =
736	"SELECT pref_id,user_id,pref_ws,pref_type,pref_value FROM " . $core->prefix . "pref " .
737	"WHERE pref_id = '%s' " .
738	"AND pref_ws = '%s' " .
739	"AND pref_type = 'string'";
740	$rs = $core->con->select(sprintf($strReqSelect, $pref, $ws));
741	while ($rs->fetch()) {
742	$value = @unserialize($rs->pref_value);
743	if (!$value) {
744	$value = [];
745	}
746	settype($value, 'array');
747	$value = json_encode($value);
748	$rs2 = "UPDATE " . $core->prefix . "pref " .
749	"SET pref_type='array', pref_value = '" . $core->con->escape($value) . "' " .
750	"WHERE pref_id='" . $core->con->escape($rs->pref_id) . "' " .
751	"AND pref_ws='" . $core->con->escape($rs->pref_ws) . "' ";
752	if ($rs->user_id == '') {
753	$rs2 .= "AND user_id IS null";
754	} else {
755	$rs2 .= "AND user_id = '" . $core->con->escape($rs->user_id) . "'";
756	}
757	$core->con->execute($rs2);
758	}
759	}
760	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/dbschema/upgrade.php @ 4027:c402f895a2c9

Download in other formats:

Sites map