Security updates to settings.php
74
settings.php
74
settings.php
@@ -1,24 +1,68 @@
|
||||
<?php
|
||||
|
||||
$sitesettings = new SQLite3('settings.sqlite');
|
||||
/**
|
||||
* Site Settings Configuration
|
||||
* Loads site settings from SQLite database
|
||||
*/
|
||||
|
||||
$getName = $sitesettings->query('SELECT description FROM site WHERE id = 1');
|
||||
// Initialize default values
|
||||
$SiteName = 'Infopump';
|
||||
$SubName = 'A bibliographic display system';
|
||||
$SiteURL = '';
|
||||
|
||||
while ($row = $getName->fetchArray()) {
|
||||
$SiteName = $row['description'];
|
||||
try {
|
||||
// Establish database connection
|
||||
$sitesettings = new SQLite3('settings.sqlite', SQLITE3_OPEN_READONLY);
|
||||
$sitesettings->enableExceptions(true);
|
||||
|
||||
// Fetch all settings in a single query for efficiency
|
||||
$stmt = $sitesettings->prepare('SELECT id, description FROM site WHERE id IN (1, 2, 3) ORDER BY id');
|
||||
$result = $stmt->execute();
|
||||
|
||||
// Process results
|
||||
$settings = [];
|
||||
while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
|
||||
$settings[(int)$row['id']] = $row['description'];
|
||||
}
|
||||
|
||||
// Assign settings to variables with validation
|
||||
if (isset($settings[1]) && !empty(trim($settings[1]))) {
|
||||
$SiteName = htmlspecialchars(trim($settings[1]), ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
if (isset($settings[2]) && !empty(trim($settings[2]))) {
|
||||
$SubName = htmlspecialchars(trim($settings[2]), ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
if (isset($settings[3]) && !empty(trim($settings[3]))) {
|
||||
// Validate and sanitize URL
|
||||
$url = trim($settings[3]);
|
||||
// Remove trailing slash for consistency
|
||||
$url = rtrim($url, '/');
|
||||
// Basic URL validation
|
||||
if (filter_var($url, FILTER_VALIDATE_URL)) {
|
||||
$SiteURL = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
|
||||
} else {
|
||||
error_log("Invalid site URL in settings: " . $url);
|
||||
}
|
||||
}
|
||||
|
||||
// Close database connection
|
||||
$sitesettings->close();
|
||||
|
||||
} catch (Exception $e) {
|
||||
// Log error but continue with default values
|
||||
error_log("Settings database error: " . $e->getMessage());
|
||||
|
||||
// Ensure variables are set even if database fails
|
||||
if (!isset($SiteName)) $SiteName = 'Infopump';
|
||||
if (!isset($SubName)) $SubName = 'A bibliographic display system';
|
||||
if (!isset($SiteURL)) $SiteURL = '';
|
||||
}
|
||||
|
||||
$getSubName = $sitesettings->query('SELECT description FROM site WHERE id = 2');
|
||||
|
||||
while ($row = $getSubName->fetchArray()) {
|
||||
$SubName = $row['description'];
|
||||
// Verify all required settings are defined
|
||||
if (empty($SiteName) || empty($SubName)) {
|
||||
error_log("Critical site settings are missing or empty");
|
||||
}
|
||||
|
||||
$getURL = $sitesettings->query('SELECT description FROM site WHERE id = 3');
|
||||
|
||||
while ($row = $getURL->fetchArray()) {
|
||||
$SiteURL = $row['description'];
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
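Review bot: The URL check at `if (filter_var($url, FILTER_VALIDATE_URL))` accepts any scheme FILTER_VALIDATE_URL recognises, so a stored `javascript:`, `data:` or `file:` URL (and known bypasses such as `javascript://host/%0Aalert(1)`) can still land in `$SiteURL` and, if that variable is emitted into an href or a redirect elsewhere, this validation does not stop it. Restrict the scheme explicitly, e.g. `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` followed by `if (filter_var($url, FILTER_VALIDATE_URL) && in_array($scheme, ['http', 'https'], true)) {`. Applying `htmlspecialchars()` at load time to `$SiteName`, `$SubName` and `$SiteURL` also bakes in HTML-context escaping — `&` in a query string becomes `&amp;`, and a template that escapes again double-encodes — so these values are only correct when echoed raw into HTML; where they are consumed is not visible here and should be checked, with escaping at the point of output being the safer pattern. Lastly, `$sitesettings->close()` is skipped when the try block throws, and the `error_log("Invalid site URL in settings: " . $url)` line writes the unvalidated value verbatim, so a value containing newlines can forge log entries; consider `error_log('Invalid site URL in settings: ' . addcslashes($url, "\r\n"))` and moving the close into a `finally`.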