(bug 20244) Installer does not validate SQLite database directory for stable path.

This is a must for 1.17 so adding a note to HISTORY instead of RELEASE-NOTES

HISTORY

@@ -450,6 +450,7 @@ LocalSettings.php. The specific bugs are listed below in the general notes.
 * rebuildFileCache.php no longer creates inappropriate cache files for redirects
 * (bug 18372) $wgFileExtensions will now override $wgFileBlacklist 
 * (bug 25512) Subcategory list should not include category prefix for members.
+* (bug 20244) Installer does not validate SQLite database directory for stable path
 
 === API changes in 1.17 ===
 * (bug 22738) Allow filtering by action type on query=logevent.

includes/installer/SqliteInstaller.php

@@ -45,16 +45,30 @@ class SqliteInstaller extends DatabaseInstaller {
 			$this->getTextBox( 'wgDBname', 'config-db-name', array(), $this->parent->getHelpBox( 'config-sqlite-name-help' ) );
 	}
 
+	/*
+	 * Safe wrapper for PHP's realpath() that fails gracefully if it's unable to canonicalize the path.
+	 */
+	private static function realpath( $path ) {
+		$result = realpath( $path );
+		if ( !$result ) {
+			return $path;
+		}
+		return $result;
+	}
+
 	public function submitConnectForm() {
 		$this->setVarsFromRequest( array( 'wgSQLiteDataDir', 'wgDBname' ) );
 
-		$dir = realpath( $this->getVar( 'wgSQLiteDataDir' ) );
-		if ( !$dir ) {
-			// realpath() sometimes fails, especially on Windows
-			$dir = $this->getVar( 'wgSQLiteDataDir' );
+		# Try realpath() if the directory already exists
+		$dir = self::realpath( $this->getVar( 'wgSQLiteDataDir' ) );
+		$result = self::dataDirOKmaybeCreate( $dir, true /* create? */ );
+		if ( $result->isOK() )
+		{
+			# Try expanding again in case we've just created it
+			$dir = self::realpath( $dir );
+			$this->setVar( 'wgSQLiteDataDir', $dir );
 		}
-		$this->setVar( 'wgSQLiteDataDir', $dir );
-		return self::dataDirOKmaybeCreate( $dir, true /* create? */ );
+		return $result;
 	}
 
 	private static function dataDirOKmaybeCreate( $dir, $create = false ) {