summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJustAMacUser <[email protected]>2020-04-21 21:10:32 -0400
committerJustAMacUser <[email protected]>2020-04-21 21:10:32 -0400
commit9c3cf60592d99494903184c268581dd18cf5b353 (patch)
treed3a6418389fd3ed223c0edc5a07e2757a1280cff
parent11a9d3bd9be1dcbf5177baa9846770012da3ce8b (diff)
More fixes when installer generates config file.
* Use single quotes in config.php when when defining database values so PHP doesn't interpret `$` as a variable (mostly for the password constant). * Use `addcslashes` instead of `addslashes` and only escape backslash and single quotes. * Do not convert DB_PORT to integer if leaving it blank (the default).
Diffstat
-rw-r--r--[-rwxr-xr-x]config.php-dist10
-rw-r--r--[-rwxr-xr-x]install/index.php14
2 files changed, 13 insertions, 11 deletions
diff --git a/config.php-dist b/config.php-dist
index e83fdcfdc..824c378a7 100755..100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -3,11 +3,11 @@
// *** Database configuration (important!) ***
// *******************************************
- define('DB_TYPE', "%DB_TYPE"); // pgsql or mysql
- define('DB_HOST', "%DB_HOST");
- define('DB_USER', "%DB_USER");
- define('DB_NAME', "%DB_NAME");
- define('DB_PASS', "%DB_PASS");
+ define('DB_TYPE', '%DB_TYPE'); // pgsql or mysql
+ define('DB_HOST', '%DB_HOST');
+ define('DB_USER', '%DB_USER');
+ define('DB_NAME', '%DB_NAME');
+ define('DB_PASS', '%DB_PASS');
define('DB_PORT', '%DB_PORT'); // usually 5432 for PostgreSQL, 3306 for MySQL
define('MYSQL_CHARSET', 'UTF8');
diff --git a/install/index.php b/install/index.php
index b7aedf29d..543a4a3f2 100755..100644
--- a/install/index.php
+++ b/install/index.php
@@ -153,14 +153,16 @@
$rv = file_get_contents("../config.php-dist");
+ $escape_chars = "\\'";
+
$settings = [
"%DB_TYPE" => $DB_TYPE == 'pgsql' ? 'pgsql' : 'mysql',
- "%DB_HOST" => addslashes($DB_HOST),
- "%DB_USER" => addslashes($DB_USER),
- "%DB_NAME" => addslashes($DB_NAME),
- "%DB_PASS" => addslashes($DB_PASS),
- "%DB_PORT" => intval($DB_PORT),
- "%SELF_URL_PATH" => addslashes($SELF_URL_PATH)
+ "%DB_HOST" => addcslashes($DB_HOST, $escape_chars),
+ "%DB_USER" => addcslashes($DB_USER, $escape_chars),
+ "%DB_NAME" => addcslashes($DB_NAME, $escape_chars),
+ "%DB_PASS" => addcslashes($DB_PASS, $escape_chars),
+ "%DB_PORT" => $DB_PORT ? intval($DB_PORT) : '',
+ "%SELF_URL_PATH" => addcslashes($SELF_URL_PATH, $escape_chars)
];
$rv = str_replace(array_keys($settings), array_values($settings), $rv);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 02:15:41 +0000