security: Security Patch to deal with reported vulnerabilties (#7164)

* WIP: Security Patch * Update install.php Styling fix * Update install.php * Update dbFacile.php * Fix whitespace
librenms · Aug 18, 2017 · d3094fa · d3094fa
1 parent 3ed5aca
commit d3094fa
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/html/install.php b/html/install.php
@@ -2,7 +2,7 @@
 session_start();
 if (empty($_POST) && !empty($_SESSION) && !isset($_REQUEST['stage'])) {
     $_POST = $_SESSION;
-} else {
+} elseif (!file_exists("../config.php")) {
     $_SESSION = array_replace($_SESSION, $_POST);
 }
 
@@ -52,7 +52,9 @@
 // Check we can connect to MySQL DB, if not, back to stage 1 :)
 if ($stage > 1) {
     try {
-        dbConnect();
+        if ($stage != 6) {
+            dbConnect();
+        }
         if ($stage == 2 && $_SESSION['build-ok'] == true) {
             $stage = 3;
             $msg = "It appears that the database is already setup so have moved onto stage $stage";

diff --git a/includes/dbFacile.php b/includes/dbFacile.php
@@ -58,6 +58,7 @@ function dbConnect($host = null, $user = '', $password = '', $database = '', $po
     $socket = empty($socket) ? $config['db_socket'] : $socket;
 
     $database_link = mysqli_connect('p:' . $host, $user, $password, null, $port, $socket);
+    mysqli_options($database_link, MYSQLI_OPT_LOCAL_INFILE, false);
     if ($database_link === false) {
         $error = mysqli_connect_error();
         if ($error == 'No such file or directory') {