Merge branch 'escape-install-part-two' of JustAMacUser/tt-rss into master

author: fox <[email protected]> 2020-04-22 03:55:06 +0000
committer: Gogs <[email protected]> 2020-04-22 03:55:06 +0000
commit: daaba66f85c101b6b9ed41a3bfa4af7bf3e674bc (patch)
tree: 54371782dda7b6b6bf332dd9c66fcb8c54a8c374 /install
parent: 2c53343e432e021c49434508274d1f3410f27356 (diff)
parent: 9c3cf60592d99494903184c268581dd18cf5b353 (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/install/index.php b/install/index.php
index ea88d1877..15fe1aa5a 100644
--- a/install/index.php
+++ b/install/index.php
@@ -153,14 +153,16 @@
 
 		$rv = file_get_contents("../config.php-dist");
 
+		$escape_chars = "\\'";
+
 		$settings = [
 			"%DB_TYPE" => $DB_TYPE == 'pgsql' ? 'pgsql' : 'mysql',
-			"%DB_HOST" => addslashes($DB_HOST),
-			"%DB_USER" => addslashes($DB_USER),
-			"%DB_NAME" => addslashes($DB_NAME),
-			"%DB_PASS" => addslashes($DB_PASS),
-			"%DB_PORT" => intval($DB_PORT),
-			"%SELF_URL_PATH" => addslashes($SELF_URL_PATH)
+			"%DB_HOST" => addcslashes($DB_HOST, $escape_chars),
+			"%DB_USER" => addcslashes($DB_USER, $escape_chars),
+			"%DB_NAME" => addcslashes($DB_NAME, $escape_chars),
+			"%DB_PASS" => addcslashes($DB_PASS, $escape_chars),
+			"%DB_PORT" => $DB_PORT ? intval($DB_PORT) : '',
+			"%SELF_URL_PATH" => addcslashes($SELF_URL_PATH, $escape_chars)
 		];
 
 		$rv = str_replace(array_keys($settings), array_values($settings), $rv);
author	fox <[email protected]>	2020-04-22 03:55:06 +0000
committer	Gogs <[email protected]>	2020-04-22 03:55:06 +0000
commit	daaba66f85c101b6b9ed41a3bfa4af7bf3e674bc (patch)
tree	54371782dda7b6b6bf332dd9c66fcb8c54a8c374 /install
parent	2c53343e432e021c49434508274d1f3410f27356 (diff)
parent	9c3cf60592d99494903184c268581dd18cf5b353 (diff)