Diffstat (limited to 'install/index.php')
-rw-r--r--[-rwxr-xr-x]install/index.php102
1 files changed, 44 insertions, 58 deletions
diff --git a/install/index.php b/install/index.php
index e4728fa73..15fe1aa5a 100755..100644
--- a/install/index.php
+++ b/install/index.php
@@ -151,35 +151,21 @@
function make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
$DB_PORT, $SELF_URL_PATH) {
- $data = explode("\n", file_get_contents("../config.php-dist"));
-
- $rv = "";
-
- $finished = false;
-
- foreach ($data as $line) {
- if (preg_match("/define\('DB_TYPE'/", $line)) {
- $rv .= "\tdefine('DB_TYPE', '$DB_TYPE');\n";
- } else if (preg_match("/define\('DB_HOST'/", $line)) {
- $rv .= "\tdefine('DB_HOST', '$DB_HOST');\n";
- } else if (preg_match("/define\('DB_USER'/", $line)) {
- $rv .= "\tdefine('DB_USER', '$DB_USER');\n";
- } else if (preg_match("/define\('DB_NAME'/", $line)) {
- $rv .= "\tdefine('DB_NAME', '$DB_NAME');\n";
- } else if (preg_match("/define\('DB_PASS'/", $line)) {
- $rv .= "\tdefine('DB_PASS', '$DB_PASS');\n";
- } else if (preg_match("/define\('DB_PORT'/", $line)) {
- $rv .= "\tdefine('DB_PORT', '$DB_PORT');\n";
- } else if (preg_match("/define\('SELF_URL_PATH'/", $line)) {
- $rv .= "\tdefine('SELF_URL_PATH', '$SELF_URL_PATH');\n";
- } else if (!$finished) {
- $rv .= "$line\n";
- }
+ $rv = file_get_contents("../config.php-dist");
- if (preg_match("/\?\>/", $line)) {
- $finished = true;
- }
- }
+ $escape_chars = "\\'";
+
+ $settings = [
+ "%DB_TYPE" => $DB_TYPE == 'pgsql' ? 'pgsql' : 'mysql',
+ "%DB_HOST" => addcslashes($DB_HOST, $escape_chars),
+ "%DB_USER" => addcslashes($DB_USER, $escape_chars),
+ "%DB_NAME" => addcslashes($DB_NAME, $escape_chars),
+ "%DB_PASS" => addcslashes($DB_PASS, $escape_chars),
+ "%DB_PORT" => $DB_PORT ? intval($DB_PORT) : '',
+ "%SELF_URL_PATH" => addcslashes($SELF_URL_PATH, $escape_chars)
+ ];
+
+ $rv = str_replace(array_keys($settings), array_values($settings), $rv);
return $rv;
}
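Review bot: `str_replace()` with array arguments applies the pairs one after another, so on the line that rewrites `$rv` a submitted value that itself contains a later placeholder (a host name containing the text `%DB_PASS`, say) is rewritten again by a following pass. Every substituted value is already escaped or normalised, so this looks like corruption of the generated config rather than a quote break-out, but a single-pass call avoids it: `$rv = strtr($rv, $settings);`. The `addcslashes()` set of backslash and single quote is only sufficient if `config.php-dist` puts each placeholder inside a single-quoted literal, which is not visible in this hunk and deserves a comment above `$escape_chars`. `file_get_contents()` can also return `false`, which is not checked before the replacement.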
@@ -250,28 +236,28 @@
<fieldset>
<label>Username:</label>
- <input dojoType="dijit.form.TextBox" required name="DB_USER" size="20" value="<?php echo $DB_USER ?>"/>
+ <input dojoType="dijit.form.TextBox" required name="DB_USER" size="20" value="<?php echo htmlspecialchars($DB_USER) ?>"/>
</fieldset>
<fieldset>
<label>Password:</label>
- <input dojoType="dijit.form.TextBox" name="DB_PASS" size="20" type="password" value="<?php echo $DB_PASS ?>"/>
+ <input dojoType="dijit.form.TextBox" name="DB_PASS" size="20" type="password" value="<?php echo htmlspecialchars($DB_PASS) ?>"/>
</fieldset>
<fieldset>
<label>Database name:</label>
- <input dojoType="dijit.form.TextBox" required name="DB_NAME" size="20" value="<?php echo $DB_NAME ?>"/>
+ <input dojoType="dijit.form.TextBox" required name="DB_NAME" size="20" value="<?php echo htmlspecialchars($DB_NAME) ?>"/>
</fieldset>
<fieldset>
<label>Host name:</label>
- <input dojoType="dijit.form.TextBox" name="DB_HOST" size="20" value="<?php echo $DB_HOST ?>"/>
+ <input dojoType="dijit.form.TextBox" name="DB_HOST" size="20" value="<?php echo htmlspecialchars($DB_HOST) ?>"/>
<span class="hint">If needed</span>
</fieldset>
<fieldset>
<label>Port:</label>
- <input dojoType="dijit.form.TextBox" name="DB_PORT" type="number" size="20" value="<?php echo $DB_PORT ?>"/>
+ <input dojoType="dijit.form.TextBox" name="DB_PORT" type="number" size="20" value="<?php echo htmlspecialchars($DB_PORT) ?>"/>
<span class="hint">Usually 3306 for MySQL or 5432 for PostgreSQL</span>
</fieldset>
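Review bot: The `htmlspecialchars()` calls on these `value` attributes rely on the runtime's default flags and charset, which differ between PHP versions; the same applies to every call added in the later hunks of this file. The attributes are double-quoted, so the older default still closes the injection, but without `ENT_SUBSTITUTE` a value containing invalid UTF-8 is returned as an empty string and the field is silently blanked. Passing the arguments explicitly makes the behaviour version-independent: `htmlspecialchars($DB_USER, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. With roughly thirty call sites, a small file-local wrapper would keep them consistent. The enclosing form starts and ends outside this hunk.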
@@ -281,7 +267,7 @@
<fieldset>
<label>Tiny Tiny RSS URL:</label>
- <input dojoType="dijit.form.TextBox" type="url" name="SELF_URL_PATH" placeholder="<?php echo $SELF_URL_PATH; ?>" value="<?php echo $SELF_URL_PATH ?>"/>
+ <input dojoType="dijit.form.TextBox" type="url" name="SELF_URL_PATH" placeholder="<?php echo htmlspecialchars($SELF_URL_PATH); ?>" value="<?php echo htmlspecialchars($SELF_URL_PATH) ?>"/>
</fieldset>
<p><button type="submit" dojoType="dijit.form.Button" class="alt-primary">Test configuration</button></p>
@@ -352,7 +338,7 @@
$pdo = pdo_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME, $DB_TYPE, $DB_PORT);
if (!$pdo) {
- print_error("Unable to connect to database using specified parameters (driver: $DB_TYPE).");
+ print_error("Unable to connect to database using specified parameters (driver: " . htmlspecialchars($DB_TYPE) . ").");
exit;
}
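Review bot: `$DB_TYPE` is handed to `pdo_connect()` on the first line of this hunk in whatever form it was submitted, and only the error message is escaped, while `make_config()` in the same commit already narrows it to `'pgsql'` or `'mysql'`. Rejecting anything else before the connection attempt would make the two paths agree and leave nothing to escape in the message, e.g. a guard on `!in_array($DB_TYPE, ['mysql', 'pgsql'], true)` ahead of the call. Whether `pdo_connect()` validates the driver itself cannot be seen from this hunk, so this is hedged on that. The surrounding block starts and ends outside the hunk.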
@@ -378,13 +364,13 @@
<form method="post">
<input type="hidden" name="op" value="installschema">
- <input type="hidden" name="DB_USER" value="<?php echo $DB_USER ?>"/>
- <input type="hidden" name="DB_PASS" value="<?php echo $DB_PASS ?>"/>
- <input type="hidden" name="DB_NAME" value="<?php echo $DB_NAME ?>"/>
- <input type="hidden" name="DB_HOST" value="<?php echo $DB_HOST ?>"/>
- <input type="hidden" name="DB_PORT" value="<?php echo $DB_PORT ?>"/>
- <input type="hidden" name="DB_TYPE" value="<?php echo $DB_TYPE ?>"/>
- <input type="hidden" name="SELF_URL_PATH" value="<?php echo $SELF_URL_PATH ?>"/>
+ <input type="hidden" name="DB_USER" value="<?php echo htmlspecialchars($DB_USER) ?>"/>
+ <input type="hidden" name="DB_PASS" value="<?php echo htmlspecialchars($DB_PASS) ?>"/>
+ <input type="hidden" name="DB_NAME" value="<?php echo htmlspecialchars($DB_NAME) ?>"/>
+ <input type="hidden" name="DB_HOST" value="<?php echo htmlspecialchars($DB_HOST) ?>"/>
+ <input type="hidden" name="DB_PORT" value="<?php echo htmlspecialchars($DB_PORT) ?>"/>
+ <input type="hidden" name="DB_TYPE" value="<?php echo htmlspecialchars($DB_TYPE) ?>"/>
+ <input type="hidden" name="SELF_URL_PATH" value="<?php echo htmlspecialchars($SELF_URL_PATH) ?>"/>
<p>
<?php if ($need_confirm) { ?>
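Review bot: The database password still round-trips through the browser as `DB_PASS` in a hidden field here, and again in the forms of the hunks at -398 and -456, so it ends up in the page source and in any cached copy of the installer pages. Escaping closes the markup injection but not that exposure. Keeping the credentials server-side between steps (in a session, if the installer has one, which is not visible here) would remove it. If the hidden fields have to stay, sending `Cache-Control: no-store` on these responses is the cheaper mitigation. The form continues past the end of this hunk.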
@@ -398,13 +384,13 @@
</td><td>
<form method="post">
- <input type="hidden" name="DB_USER" value="<?php echo $DB_USER ?>"/>
- <input type="hidden" name="DB_PASS" value="<?php echo $DB_PASS ?>"/>
- <input type="hidden" name="DB_NAME" value="<?php echo $DB_NAME ?>"/>
- <input type="hidden" name="DB_HOST" value="<?php echo $DB_HOST ?>"/>
- <input type="hidden" name="DB_PORT" value="<?php echo $DB_PORT ?>"/>
- <input type="hidden" name="DB_TYPE" value="<?php echo $DB_TYPE ?>"/>
- <input type="hidden" name="SELF_URL_PATH" value="<?php echo $SELF_URL_PATH ?>"/>
+ <input type="hidden" name="DB_USER" value="<?php echo htmlspecialchars($DB_USER) ?>"/>
+ <input type="hidden" name="DB_PASS" value="<?php echo htmlspecialchars($DB_PASS) ?>"/>
+ <input type="hidden" name="DB_NAME" value="<?php echo htmlspecialchars($DB_NAME) ?>"/>
+ <input type="hidden" name="DB_HOST" value="<?php echo htmlspecialchars($DB_HOST) ?>"/>
+ <input type="hidden" name="DB_PORT" value="<?php echo htmlspecialchars($DB_PORT) ?>"/>
+ <input type="hidden" name="DB_TYPE" value="<?php echo htmlspecialchars($DB_TYPE) ?>"/>
+ <input type="hidden" name="SELF_URL_PATH" value="<?php echo htmlspecialchars($SELF_URL_PATH) ?>"/>
<input type="hidden" name="op" value="skipschema">
@@ -456,16 +442,16 @@
<form action="" method="post">
<input type="hidden" name="op" value="saveconfig">
- <input type="hidden" name="DB_USER" value="<?php echo $DB_USER ?>"/>
- <input type="hidden" name="DB_PASS" value="<?php echo $DB_PASS ?>"/>
- <input type="hidden" name="DB_NAME" value="<?php echo $DB_NAME ?>"/>
- <input type="hidden" name="DB_HOST" value="<?php echo $DB_HOST ?>"/>
- <input type="hidden" name="DB_PORT" value="<?php echo $DB_PORT ?>"/>
- <input type="hidden" name="DB_TYPE" value="<?php echo $DB_TYPE ?>"/>
- <input type="hidden" name="SELF_URL_PATH" value="<?php echo $SELF_URL_PATH ?>"/>
+ <input type="hidden" name="DB_USER" value="<?php echo htmlspecialchars($DB_USER) ?>"/>
+ <input type="hidden" name="DB_PASS" value="<?php echo htmlspecialchars($DB_PASS) ?>"/>
+ <input type="hidden" name="DB_NAME" value="<?php echo htmlspecialchars($DB_NAME) ?>"/>
+ <input type="hidden" name="DB_HOST" value="<?php echo htmlspecialchars($DB_HOST) ?>"/>
+ <input type="hidden" name="DB_PORT" value="<?php echo htmlspecialchars($DB_PORT) ?>"/>
+ <input type="hidden" name="DB_TYPE" value="<?php echo htmlspecialchars($DB_TYPE) ?>"/>
+ <input type="hidden" name="SELF_URL_PATH" value="<?php echo htmlspecialchars($SELF_URL_PATH) ?>"/>
<?php print "<textarea rows='20' style='width : 100%'>";
- echo make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
- $DB_PORT, $SELF_URL_PATH);
+ echo htmlspecialchars(make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
+ $DB_PORT, $SELF_URL_PATH));
print "</textarea>"; ?>
<hr/>