archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2026-05-07 06:14:03 +00:00
Code Activity

Validate SQLite filename in databaseExists

Browse source 
Add validation so that a malicious tenant DB name can't be used to detect if a file exists.
This commit is contained in:
lukinovec 2026-04-30 09:49:03 +02:00
parent 75b74f2e6c
commit 322257f456
2 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/Database/TenantDatabaseManagers/SQLiteDatabaseManager.php
View file

@ -128,7 +128,13 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
public function databaseExists(string $name): bool
{
return $this->isInMemory($name) || file_exists($this->getPath($name));
if ($this->isInMemory($name)) {
return true;
}
$this->validateParameter($name);
return file_exists($this->getPath($name));
}
public function makeConnectionConfig(array $baseConfig, string $databaseName): array