Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various fixes to the installation wizard #68

Closed
wants to merge 15 commits into from
Closed

Various fixes to the installation wizard #68

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c2b7643
Don't bother with vim .swp files
acli May 1, 2013
ae074dc
Do not display irrelevant, spurious errors if we cannot even get a co…
acli May 2, 2013
dadca2e
The password contains extra backslashes which needs to be removed. Fi…
acli May 2, 2013
5715e82
Do not check in include/config.inc.php
acli May 2, 2013
4f55f10
Wrong documentation format - should be @return not @param
acli May 2, 2013
3319688
Password needs to be re-escaped before saving. Fixes #10 in Ambrose's…
acli May 2, 2013
4b33e20
Should not create .gitignore upstream. Sorry.
acli May 2, 2013
822b89a
Edits per discussion. Not yet tested.
acli May 2, 2013
0f63335
Reverted the $addslashes / $stripslashes changes until I can figure o…
acli May 2, 2013
33705d0
Added back the $addslashes / $stripslashes changes. They *are* define…
acli May 3, 2013
1a44c4b
config_template.php should use addslashes, not $addslashes because we…
acli May 3, 2013
56cbad6
Missing urldecode, so random characters in the password got totally m…
acli May 4, 2013
4806431
Missing urldecode, so random characters in the password got totally m…
acli May 4, 2013
e79c65a
Merge branch '20130504_INSTALLER_STEP6_MYSQL_VERSION'
acli May 4, 2013
6b6c487
Update the function comments based on the findings
acli May 7, 2013
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
7 changes: 4 additions & 3 deletions include/install/config_template.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,12 @@
/**
* Create the include/config.inc.php based on the config template
* @param self-explanatory
* @param true or false. If the file is written successfully, return true, otherwise, return false.
* @return bool true or false. If the file is written successfully, return true, otherwise, return false.
*/
function write_config_file($filename, $db_login, $db_pwd, $db_host, $db_port, $db_name, $tb_prefix,
$comments, $content_dir, $smtp, $get_file) {
global $config_template;
global $addslashes;

$tokens = array('{USER}',
'{PASSWORD}',
Expand All @@ -34,7 +35,7 @@ function write_config_file($filename, $db_login, $db_pwd, $db_host, $db_port, $d
);

$values = array(urldecode($db_login),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the password has single quotes (U+0027), the added backslashes would have been taken out by the fix in step2.php (to make mysql_connect() work). Unfortunately this means when the password is written to config.inc.php, they would be unescaped. The result is a config.inc.php with syntax errors.

This was not a problem before step2.php was fixed because in an unpatched system passwords with U+0027 just do not work.

urldecode($db_pwd),
$addslashes(urldecode($db_pwd)),
$db_host,
$db_port,
$db_name,
Expand Down Expand Up @@ -141,4 +142,4 @@ function parse_config_file($config_file) {

?".">";

?>
?>
3 changes: 2 additions & 1 deletion include/install/install.inc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -419,7 +419,8 @@ function create_and_switch_db($db_host, $db_port, $db_login, $db_pwd, $tb_prefix
} else {
$msg->addError('UNABLE_CONNECT_DB');
}
}
return false;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any further tests are just going to fail because we don’t have a connection to the SQL server. So instead of presenting a whole bunch of misleading error messages to the user, we should just stop here.

}

$tb_prefix = $addslashes($tb_prefix);
$db_name = $addslashes($db_name);
Expand Down
3 changes: 2 additions & 1 deletion install/include/step2.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,11 @@
if (!defined('AT_INSTALLER_INCLUDE_PATH') || !defined('AT_INCLUDE_PATH')) { exit; }

include(AT_INCLUDE_PATH . 'install/install.inc.php');
global $addslashes, $stripslashes;

if(isset($_POST['submit'])) {
//check DB & table connection
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Passwords with U+0027 were escaped with backslashes. Eventually these backslashes make it to mysql_connect(), which causes a failure to connect.

$db = create_and_switch_db($_POST['db_host'], $_POST['db_port'], $_POST['db_login'], $_POST['db_password'], $_POST['tb_prefix'], $_POST['db_name'], true);
$db = create_and_switch_db($_POST['db_host'], $_POST['db_port'], $_POST['db_login'], $stripslashes($_POST['db_password']), $_POST['tb_prefix'], $_POST['db_name'], true);

if (!isset($errors)) {

Expand Down