
Commit 9696012

committed
Limit DB LOGIN NAMES length to avoid some kind of injection
1 parent e2d1d1f commit 9696012


1 file changed

+9
-6
lines changed


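--- a/install/installNewDB.php
+++ b/install/installNewDB.php
@@ -63,22 +63,25 @@
 $db_server = trim($_SESSION['databasehost']);
 $db_server = preg_replace($san,'',$db_server);
 
-$db_admin_name = trim($_SESSION['databaseloginname']);
-$db_admin_name = preg_replace($san,'',$db_admin_name);
-
 $db_admin_pass = trim($_SESSION['databaseloginpassword']);
 $db_admin_pass = preg_replace($san,'',$db_admin_pass);
 
 $db_type = trim($_SESSION['databasetype']);
 $db_type = preg_replace($san,'',$db_type);
 
-$tl_db_login = trim($_SESSION['tl_loginname']);
-$tl_db_login = preg_replace($san,'',$tl_db_login);
-
 $tl_db_passwd = trim($_SESSION['tl_loginpassword']);
 $tl_db_passwd = preg_replace($san,'',$tl_db_passwd);
 
 
+// will limit length to avoi some kind of injection
+// Choice: 32
+$tl_db_login = trim($_SESSION['tl_loginname']);
+$tl_db_login = substr(preg_replace($san,'',$tl_db_login),0,32);
+
+$db_admin_name = trim($_SESSION['databaseloginname']);
+$db_admin_name = substr(preg_replace($san,'',$db_admin_name),0,32);
+
+
 
 $sql_create_schema = array();
 $sql_create_schema[] = "sql/{$db_type}/testlink_create_tables.sql";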
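Review bot: Capping `$tl_db_login` and `$db_admin_name` at 32 characters with `substr` limits length but does not by itself make these values safe to embed in SQL or a shell command; the only real filtering is the `preg_replace($san, ...)` call, and `$san` is defined outside this hunk, so whether the control is adequate cannot be judged from here and depends on what that pattern strips. Silent truncation also changes the credential the user typed, so a name longer than 32 characters will fail at connect time with no explanation; rejecting it up front is clearer, e.g. `if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $tl_db_login)) { /* report a validation error */ }` (sketch — the allowed character set should match whatever the installer actually accepts). `preg_replace()` returns `null` on a PCRE error, and passing `null` to `substr()` is deprecated since PHP 8.1, so a `?? ''` before `substr` (or a `preg_last_error()` check) would avoid a deprecation notice turning into a blank login name. In the comment, `avoi` should read `avoid`, and `// Choice: 32` would be more useful if it said where the 32 comes from (presumably a database user-name length limit — confirm), e.g. `// 32 matches the maximum DB user-name length we support; longer values are rejected/truncated here rather than failing later`.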
