authorJustAMacUser <[email protected]>2020-04-18 21:33:56 -0400
committerJustAMacUser <[email protected]>2020-04-18 21:33:56 -0400
commit56e16a8d855dafa7ad28273b2720883dba67bcf4 (patch)
treef3d256d89c8d048a66f4931c956ad616f35d8a1c
parent0d467973dc6a1b93e267015c3d838ec77b59582e (diff)
Escape user-defined values during installation.
-rwxr-xr-xconfig.php-dist16
-rwxr-xr-xinstall/index.php42
2 files changed, 21 insertions, 37 deletions
diff --git a/config.php-dist b/config.php-dist
index 244390b98..e83fdcfdc 100755
--- a/config.php-dist
+++ b/config.php-dist
@@ -3,12 +3,12 @@
// *** Database configuration (important!) ***
// *******************************************
- define('DB_TYPE', "pgsql"); // or mysql
- define('DB_HOST', "localhost");
- define('DB_USER', "fox");
- define('DB_NAME', "fox");
- define('DB_PASS', "XXXXXX");
- define('DB_PORT', ''); // usually 5432 for PostgreSQL, 3306 for MySQL
+ define('DB_TYPE', "%DB_TYPE"); // pgsql or mysql
+ define('DB_HOST', "%DB_HOST");
+ define('DB_USER', "%DB_USER");
+ define('DB_NAME', "%DB_NAME");
+ define('DB_PASS', "%DB_PASS");
+ define('DB_PORT', '%DB_PORT'); // usually 5432 for PostgreSQL, 3306 for MySQL
define('MYSQL_CHARSET', 'UTF8');
// Connection charset for MySQL. If you have a legacy database and/or experience
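Review bot: The `%DB_HOST`, `%DB_USER`, `%DB_NAME` and `%DB_PASS` placeholders stay inside double-quoted literals, where PHP still interpolates `$` and `{$`, and the `addslashes()` calls added to make_config in install/index.php escape neither. A password containing `$` would therefore be altered, or interpolated as a variable, when the generated config.php is loaded. An apostrophe would be stored with a stray backslash, because `\'` is not an escape inside double quotes. I would use single quotes for all six placeholders, e.g. `define('DB_PASS', '%DB_PASS');`, and escape in make_config with `addcslashes($DB_PASS, "'\\")`, which covers the only two characters that are special in a single-quoted literal. The same applies to `%SELF_URL_PATH` in the next hunk, which is already single-quoted but where `addslashes()` would leave a literal backslash before any `"`.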
@@ -18,9 +18,9 @@
// *** Basic settings (important!) ***
// ***********************************
- define('SELF_URL_PATH', 'https://example.org/tt-rss/');
+ define('SELF_URL_PATH', '%SELF_URL_PATH');
// This should be set to a fully qualified URL used to access
- // your tt-rss instance over the net.
+ // your tt-rss instance over the net, such as: https://example.org/tt-rss/
// The value should be a constant string literal. Please don't use
// PHP server variables here - you might introduce security
// issues on your install and cause hard to debug problems.
diff --git a/install/index.php b/install/index.php
index e4728fa73..b7aedf29d 100755
--- a/install/index.php
+++ b/install/index.php
@@ -151,35 +151,19 @@
function make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
$DB_PORT, $SELF_URL_PATH) {
- $data = explode("\n", file_get_contents("../config.php-dist"));
-
- $rv = "";
-
- $finished = false;
-
- foreach ($data as $line) {
- if (preg_match("/define\('DB_TYPE'/", $line)) {
- $rv .= "\tdefine('DB_TYPE', '$DB_TYPE');\n";
- } else if (preg_match("/define\('DB_HOST'/", $line)) {
- $rv .= "\tdefine('DB_HOST', '$DB_HOST');\n";
- } else if (preg_match("/define\('DB_USER'/", $line)) {
- $rv .= "\tdefine('DB_USER', '$DB_USER');\n";
- } else if (preg_match("/define\('DB_NAME'/", $line)) {
- $rv .= "\tdefine('DB_NAME', '$DB_NAME');\n";
- } else if (preg_match("/define\('DB_PASS'/", $line)) {
- $rv .= "\tdefine('DB_PASS', '$DB_PASS');\n";
- } else if (preg_match("/define\('DB_PORT'/", $line)) {
- $rv .= "\tdefine('DB_PORT', '$DB_PORT');\n";
- } else if (preg_match("/define\('SELF_URL_PATH'/", $line)) {
- $rv .= "\tdefine('SELF_URL_PATH', '$SELF_URL_PATH');\n";
- } else if (!$finished) {
- $rv .= "$line\n";
- }
-
- if (preg_match("/\?\>/", $line)) {
- $finished = true;
- }
- }
+ $rv = file_get_contents("../config.php-dist");
+
+ $settings = [
+ "%DB_TYPE" => $DB_TYPE == 'pgsql' ? 'pgsql' : 'mysql',
+ "%DB_HOST" => addslashes($DB_HOST),
+ "%DB_USER" => addslashes($DB_USER),
+ "%DB_NAME" => addslashes($DB_NAME),
+ "%DB_PASS" => addslashes($DB_PASS),
+ "%DB_PORT" => intval($DB_PORT),
+ "%SELF_URL_PATH" => addslashes($SELF_URL_PATH)
+ ];
+
+ $rv = str_replace(array_keys($settings), array_values($settings), $rv);
return $rv;
}
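Review bot: `str_replace()` with array arguments applies the pairs one after another to the already-substituted text, so in make_config a submitted value that contains a later key such as `%DB_PASS` or `%SELF_URL_PATH` is replaced a second time, with whatever that other field holds. `strtr()` substitutes in a single pass and does not rescan inserted text: `$rv = strtr($rv, $settings);`. Separately, `intval($DB_PORT)` turns an empty port into `0`, whereas the removed code wrote the submitted value through and the old template default was `''`. If the empty string means "use the driver default" elsewhere (not visible here), `"%DB_PORT" => $DB_PORT === '' ? '' : intval($DB_PORT),` keeps that. The return value of `file_get_contents()` is also used unchecked, so a missing template yields an empty config rather than an error.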