In secure development environments, lazy developers like to connect to the DB without using a password.

ex: $db_url = 'mysqli://root@localhost/my_site';

We can allow for this if we tweak the regex:

function dbscripts_db_connect() {
  require('config.inc');
  require("$settings_path/settings.php");
  
  preg_match('/'.$dbtype.':\/\/([^:]+):*([^@]*)@([^\/]+)\/(.+)/', $db_url, $db_settings);

  $dbuser = $db_settings[1];
  $dbpassword = $db_settings[2];
  $dbhost = $db_settings[3];
  $dbname = $db_settings[4];

  return "-u $dbuser ".($dbpassword ? "-p$dbpassword" : "")." -h $dbhost $dbname";
}

Note that only the preg_match and return lines have been changed

Comments

ceardach’s picture

Assigned: Unassigned » ceardach

Thanks, hadn't even thought of that scenario. I'll add the support the next time I work on it (which should be soon, I'm trying to push out v1.0 soonish).

ceardach’s picture

Version: 5.x-1.x-dev » 6.x-2.x-dev
mikey_p’s picture

This would be another candidate for parse_url.

hefox’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.