From 81f968fc4176ab7cd8ab67d01761ed3b18ba59c9 Mon Sep 17 00:00:00 2001
From: atutor <info@atutor.ca>
Date: Sat, 4 Oct 2014 12:48:09 -0400
Subject: [PATCH] 5495 created queryDButf8() function to handle the installer's
 utf8 checking, and fixed a couple mysql query error in step 3 and 6 of the
 mysql install

---
 include/install/install.inc.php   |  9 +++---
 include/lib/mysql_connect.inc.php | 48 +++++++++++++++++++++++++++++++
 install/include/step3.php         |  2 +-
 install/include/step6.php         |  3 +-
 4 files changed, 56 insertions(+), 6 deletions(-)

diff --git a/include/install/install.inc.php b/include/install/install.inc.php
index b7a9e789f..2ccb0e836 100644
--- a/include/install/install.inc.php
+++ b/include/install/install.inc.php
@@ -459,11 +459,12 @@ function create_and_switch_db($db_host, $db_port, $db_login, $db_pwd, $tb_prefix
 		/* Check if the database that existed is in UTF-8, if not, ask for retry */
 		at_db_select($db_name, $db);
 		$sql = "SHOW CREATE DATABASE `%s`";
-		$row = queryDB($sql, array($db_name));
-		
+		$row = queryDButf8($sql, array($db_name), true, true, $db);
+
 		if (!preg_match('/CHARACTER SET utf8/i', $row['Create Database'])){
 			$sql2 = 'ALTER DATABASE `%s` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci';
-			$result2 = queryDB($sql2, array($db_name));
+			$result2 = queryDButf8($sql2, array($db_name),false, true, $db);
+
 			if ($result2 == 0){
 				if ($in_plain_msg) {
 					$errors[] = 'Database <b>'.$db_name.'</b> is not in UTF8.  Please set the database character set to UTF8 before continuing by using the following query: <br /> ALTER DATABASE `'.$db_name.'` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci.  <br />To use ALTER DATABASE, you need the ALTER privilege on the database.  You can also check the MySQL manual <a href="http://dev.mysql.com/doc/refman/4.1/en/alter-database.html" target="mysql_window">here</a>.';
@@ -475,4 +476,4 @@ function create_and_switch_db($db_host, $db_port, $db_login, $db_pwd, $tb_prefix
 	}
 	return $db;
 }
-?>
+?>
\ No newline at end of file
diff --git a/include/lib/mysql_connect.inc.php b/include/lib/mysql_connect.inc.php
index 2ff60fc5d..9c54fc38b 100644
--- a/include/lib/mysql_connect.inc.php
+++ b/include/lib/mysql_connect.inc.php
@@ -124,7 +124,55 @@ function queryDB($query, $params=array(), $oneRow = false, $sanitize = true, $ca
     return execute_sql($sql, $oneRow, $callback_func, $array_type);
 
 }
+function queryDButf8($query, $params=array(), $oneRow = true, $sanitize, $db, $array_type = MYSQL_ASSOC) {
+    global $msg, $addslashes;
 
+    if ($sanitize) {
+        foreach($params as $i=>$value) {
+         if(defined('MYSQLI_ENABLED')){  
+             $value = $addslashes(htmlspecialchars_decode($value, ENT_QUOTES));  
+             $params[$i] = $db->real_escape_string($value);
+            }else {
+             $params[$i] = $addslashes($value);           
+            }
+        }
+    }
+
+    $sql = vsprintf($query, $params);
+
+    if(defined('MYSQLI_ENABLED')){
+           $result = $db->query($sql) or (error_log(print_r($db->error . "\nSQL: " . $sql, true), 0) and $msg->addError($displayErrorMessage));                
+
+    }else{
+           $result = mysql_query($sql, $db) or (error_log(print_r(mysql_error(), true), 0) and $msg->addError($displayErrorMessage));
+    }
+    if ($oneRow) {
+          if(defined('MYSQLI_ENABLED')){            
+            $row = $result->fetch_array($array_type);              
+
+          }else {
+            $row = mysql_fetch_array($result, $array_type);              
+          }
+
+        // Check that there are no more than 1 row expected.
+          if(defined('MYSQLI_ENABLED')){
+               if ($result->fetch_array($array_type)) {
+                $msg->addError($displayErrorMessage);
+                return at_affected_rows($db);
+                }           
+          }else{
+              if (mysql_fetch_array($result, $array_type)) {
+                $msg->addError($displayErrorMessage);
+                return at_affected_rows($db);
+                }            
+          }
+
+        unset($result);
+        return ($row) ? $row : array();
+    } else{
+        return $result;
+    }
+}
 function sqlout($sql){
     //output the sql with variable values inserted
     global $sqlout;
diff --git a/install/include/step3.php b/install/include/step3.php
index 7fe9dcc3c..13a43fd70 100644
--- a/install/include/step3.php
+++ b/install/include/step3.php
@@ -21,7 +21,7 @@
     if(defined('MYSQLI_ENABLED')){
  	    $db = at_db_connect($_POST['step2']['db_host'],$_POST['step2']['db_port'],$_POST['step2']['db_login'],urldecode($_POST['step2']['db_password']), $_POST['step2']['db_name']);   
     }else{
-	    $db = at_db_connect($_POST['step2']['db_host'],$_POST['step2']['db_port'],$_POST['step2']['db_login'],urldecode($_POST['step2']['db_password']));
+	    $db = at_db_connect($_POST['step2']['db_host'],$_POST['step2']['db_port'],$_POST['step2']['db_login'],urldecode($_POST['step2']['db_password']), '');
 	    at_db_select($_POST['step2']['db_name'], $db);
     }
         
diff --git a/install/include/step6.php b/install/include/step6.php
index a97770c0c..b0e57074c 100644
--- a/install/include/step6.php
+++ b/install/include/step6.php
@@ -171,7 +171,8 @@
 			if ($_POST['step1']['old_path'] != '') {
 				$db     = at_db_connect($_POST['step1']['db_host'], $_POST['step1']['db_port'], $_POST['step1']['db_login'], urldecode($_POST['step1']['db_password']));
 			} else {
-				$db     = at_db_connect($_POST['step2']['db_host'], $_POST['step2']['db_port'], $_POST['step2']['db_login'], urldecode($_POST['step2']['db_password']));
+				$db     = at_db_connect($_POST['step2']['db_host'], $_POST['step2']['db_port'], $_POST['step2']['db_login'], urldecode($_POST['step2']['db_password']), '');
+				
 			}
 
 			$row = at_db_version($db);