author | JustAMacUser <[email protected]> | 2020-04-21 21:10:32 -0400 |
---|---|---|
committer | JustAMacUser <[email protected]> | 2020-04-21 21:10:32 -0400 |
commit | 9c3cf60592d99494903184c268581dd18cf5b353 (patch) | |
tree | d3a6418389fd3ed223c0edc5a07e2757a1280cff /install/index.php | |
parent | 11a9d3bd9be1dcbf5177baa9846770012da3ce8b (diff) |
More fixes when installer generates config file.
* Use single quotes in config.php when defining database values so PHP doesn't interpret `$` as a variable (mostly for the password constant).
* Use `addcslashes` instead of `addslashes` and only escape backslash and single quotes.
* Do not convert DB_PORT to integer if leaving it blank (the default).
Diffstat (limited to 'install/index.php')
-rw-r--r--[-rwxr-xr-x] | install/index.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/install/index.php b/install/index.php
index b7aedf29d..543a4a3f2 100755..100644
--- a/install/index.php
+++ b/install/index.php
@@ -153,14 +153,16 @@
 $rv = file_get_contents("../config.php-dist");
+ $escape_chars = "\\'";
+
 $settings = [
 "%DB_TYPE" => $DB_TYPE == 'pgsql' ? 'pgsql' : 'mysql',
- "%DB_HOST" => addslashes($DB_HOST),
- "%DB_USER" => addslashes($DB_USER),
- "%DB_NAME" => addslashes($DB_NAME),
- "%DB_PASS" => addslashes($DB_PASS),
- "%DB_PORT" => intval($DB_PORT),
- "%SELF_URL_PATH" => addslashes($SELF_URL_PATH)
+ "%DB_HOST" => addcslashes($DB_HOST, $escape_chars),
+ "%DB_USER" => addcslashes($DB_USER, $escape_chars),
+ "%DB_NAME" => addcslashes($DB_NAME, $escape_chars),
+ "%DB_PASS" => addcslashes($DB_PASS, $escape_chars),
+ "%DB_PORT" => $DB_PORT ? intval($DB_PORT) : '',
+ "%SELF_URL_PATH" => addcslashes($SELF_URL_PATH, $escape_chars)
 ];
 $rv = str_replace(array_keys($settings), array_values($settings), $rv); |
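Review bot: The escaping added for `%DB_HOST` through `%SELF_URL_PATH` is only sufficient while every one of those placeholders sits inside a single-quoted PHP literal in `config.php-dist`, and that template is not part of this diff (the diffstat is limited to `install/index.php`; the commit message says the template uses single quotes). Because `addcslashes($v, "\\'")` no longer escapes `"`, a placeholder left in a double-quoted literal would let an installer-supplied value end the string in the generated `config.php`, so a comment above `$escape_chars` such as `// values are substituted into single-quoted literals in config.php-dist; only \ and ' are special there` would pin that dependency for the next editor of either file. Separately, on the unchanged last line, `str_replace()` with arrays applies the pairs in order, so a submitted value that itself contains a later key such as `%DB_PASS` is rewritten by the following replacement; `$rv = strtr($rv, $settings);` substitutes in a single pass. The enclosing function starts and ends outside the hunk.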