From 4c457ecc92bed1d4d319b2c1aa615474237c7437 Mon Sep 17 00:00:00 2001
From: Graham Eames <grahamje@users.sourceforge.net>
Date: Sat, 1 Jul 2006 21:45:35 +0000
Subject: [PATCH] Prevent sqlite databases within the forum directory

git-svn-id: file:///svn/phpbb/trunk@6136 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/install/install_install.php | 7 +++++++
 phpBB/language/en/install.php     | 1 +
 2 files changed, 8 insertions(+)

diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index a2cfaea437..ecfc08031b 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -1613,6 +1613,13 @@ class install_install extends module
 			return false;
 		}
 
+		// Make sure we don't have a daft user who thinks having the SQLite database in the forum directory is a good idea
+		if ($dbms == 'sqlite' && stripos(phpbb_realpath($dbhost), phpbb_realpath('../')) === 0)
+		{
+			$error[] = $lang['INST_ERR_DB_FORUM_PATH'];
+			return false;
+		}
+
 		// Try and connect ...
 		if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false)))
 		{
diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php
index d4e7d84716..1c064bee65 100755
--- a/phpBB/language/en/install.php
+++ b/phpBB/language/en/install.php
@@ -148,6 +148,7 @@ $lang = array_merge($lang, array(
 	'INSTALL_START'				=> 'Start Install',
 	'INSTALL_TEST'				=> 'Test Again',
 	'INST_ERR_DB_CONNECT'		=> 'Could not connect to the database, see error message below',
+	'INST_ERR_DB_FORUM_PATH'	=> 'The database file specified is within your forum directory tree. You should put this file in a non web-accessible location',
 	'INST_ERR_DB_NO_ERROR'		=> 'No error message given',
 	'INST_ERR_DB_NO_MYSQL4'		=> 'The version of MySQL installed on this machine is incompatible with the "MySQL 4.x/5.x" option you have selected. Please try the "MySQL 3.23.x/4.x" option instead.',
 	'INST_ERR_DB_NO_MYSQLI'		=> 'The version of MySQL installed on this machine is incompatible with the "MySQL 4.1.x/5.x with MySQLi Extension" option you have selected. Please try the "MySQL 4.x/5.x" or "MySQL 3.23.x/4.x" option instead.',