Bug #91167
closedHosteurope database name not valid
Added by Tobias Musholt over 4 years ago. Updated over 4 years ago.
100%
Description
Hosteurope database name are generated with hyphen (-) and are not valid. Please add the hyphen into the regular expression.
typo3_src-10.4.0/typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck/Platform/AbstractPlatform.php - Zeile 67:
old/wrong:
return strlen($databaseName) <= static::SCHEMA_NAME_MAX_LENGTH && preg_match('/^[a-zA-Z0-9\$_]*$/', $databaseName);
new/currenty:
return strlen($databaseName) <= static::SCHEMA_NAME_MAX_LENGTH && preg_match('/^[a-zA-Z0-9\$-_]*$/', $databaseName);
Updated by Michael Stucki over 4 years ago
- Project changed from 9 to TYPO3 Core
- Category deleted (
Server Administration) - Target version deleted (
0.1) - TYPO3 Version set to 10
Wrong project.
Updated by Michael Stucki over 4 years ago
Updated by Manuel Selbach over 4 years ago
- Category set to Database API (Doctrine DBAL)
- Assignee set to Manuel Selbach
Updated by Tobias Musholt over 4 years ago
Michael Stucki wrote:
Unfortunately, this does not work because you can only select the database using a select box and do not type in the database name directly.
Updated by Oliver Hader over 4 years ago
Tobias: RegExp @preg_match('/^[a-zA-Z0-9\$-_]*$/')
is probably not the intended declaration since the last part means "$
to _
" accidentally including -
as well...
When allowing more characters (\x01-\xf7), I'm not sure which new security aspects this might add - this should be evaluated carefully.
Tamper instructions of SQLmap might be a good starting point for that (https://github.com/sqlmapproject/sqlmap/tree/master/tamper)
Updated by Tobias Musholt over 4 years ago
Oliver Hader wrote:
Tobias: RegExp @preg_match('/^[a-zA-Z0-9\$-_]*$/')
is probably not the intended declaration since the last part means "$
to_
" accidentally including-
as well...
Sorry, I am not very familiar with regular expressions!
When allowing more characters (\x01-\xf7), I'm not sure which new security aspects this might add - this should be evaluated carefully.
Tamper instructions of SQLmap might be a good starting point for that (https://github.com/sqlmapproject/sqlmap/tree/master/tamper)
I can understand the risk. Currently I only have the problem that one of the largest hosters (HostEurope) in Germany puts a hyphen ('-') in all its database name
(`db[customerNumber]-[name]` (e.g. `db1234567-typo3`)) and I cannot install TYPO3 and HostEurope says that this is a problem with TYPO3 and not with HostEurope. :-(
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64312
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64312
Updated by Michael Stucki over 4 years ago
The reason why I mentioned this is that according to this spec, the minus character is not allowed in unquoted database names.
One could argue that database names should just be quoted then, but that's a major change that can't be changed so quickly...
I see that Contao had the same issue, but their fix is not the way how I like it to be: They just removed the whole validity check... :-(
https://github.com/contao/core-bundle/issues/593
My suggestion is to not do anything here. Instead, the database name should be specified manually. After all, that should work but is not supported, so you use it at your own risk.
Updated by Tobias Musholt over 4 years ago
Michael Stucki wrote:
Instead, the database name should be specified manually.
If I received TYPO3 like this, I have no problem with it, but at the moment I am not scared how and where I can hear the database names manually during installation?!? Did I miss something?
Updated by Michael Stucki over 4 years ago
Just set it in LocalConfiguration.php, see https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/ApiOverview/Database/Configuration/Index.html.
Updated by Tobias Musholt over 4 years ago
Michael Stucki wrote:
Just set it in LocalConfiguration.php, see https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/ApiOverview/Database/Configuration/Index.html.
I've been doing TYPO3 for 10 years, but that was new! Thank you! ;-)
Updated by Tobias Musholt over 4 years ago
Tobias Musholt wrote:
Michael Stucki wrote:
Just set it in LocalConfiguration.php, see https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/ApiOverview/Database/Configuration/Index.html.
I've been doing TYPO3 for 10 years, but that was new! Thank you! ;-)
Unfortunately, that didn't work.
I think I was also misunderstood, but I am concerned with the installation of a TYPO3 system and not with the general operation where I can change the name of the database.
During the TYPO3 installation, I can unfortunately only select the database name using a select box and this is then rejected by the system because it contains a hyphen.
Updated by Michael Stucki over 4 years ago
Yes the installer does not show it because, as I understand it, this is not supported as of now. However, you can skip this step by setting the DB configuration manually as explained above... What else do you need?
Updated by Tobias Musholt over 4 years ago
Michael Stucki wrote:
Yes the installer does not show it because, as I understand it, this is not supported as of now. However, you can skip this step by setting the DB configuration manually as explained above... What else do you need?
I have now made various attempts, but I do not know how I should enter the data manually during an installation or how I should be able to skip this?! Especially since the question arises where TYPO3 should save the database tables from without a functioning database access!?
Updated by Christian Giegler over 4 years ago
Michael Stucki wrote:
The reason why I mentioned this is that according to this spec, the minus character is not allowed in unquoted database names.
One could argue that database names should just be quoted then, but that's a major change that can't be changed so quickly...
I see that Contao had the same issue, but their fix is not the way how I like it to be: They just removed the whole validity check... :-(
https://github.com/contao/core-bundle/issues/593My suggestion is to not do anything here. Instead, the database name should be specified manually. After all, that should work but is not supported, so you use it at your own risk.
Well, hyphens are a valid character for quoted database names, so switching from unquoted to quoted is the best choice in the future to support all users.
I think a simple change to display a warning that the name is not valid for unquoted databases and an option to "ignore the warning and continue" would solve the problem for now.
Sure some pro's can edit their localconfig.php while installing typo3 so it works, but that can't be expected from a "default" user.
Updated by Manuel Selbach over 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset d5b5b26c68487dc1276588fde969a683c772f963.