Merge remote-tracking branch 'upstream/pr/12528'

* upstream/pr/12528: Added hotfix to sanitize MySQL passwords before writing to config file. Fixes Issue 12502.
modxcms · Aug 11, 2015 · 4ba59a4 · 4ba59a4
2 parents 2701aa2 + 75c6240
commit 4ba59a4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/core/docs/changelog.txt b/core/docs/changelog.txt
@@ -4,6 +4,7 @@ development release, and is only shown to give an idea of what's currently in th
 
 MODX Revolution 2.3.6-dev
 ====================================
+- Fix fatal error when the database password contains a quote [#12528]
 - Fix several "language string not found" errors [#12546, #12545]
 - Add ability to disable on the fly compression to traditional installs [#12486]
 - Fix output of [^p^] tag on certain locales [#12514]

diff --git a/setup/includes/runner/modinstallrunner.class.php b/setup/includes/runner/modinstallrunner.class.php
@@ -22,7 +22,7 @@ abstract class modInstallRunner {
     public $versioner;
     /** @var array $results */
     public $results = array();
-    
+
     function __construct(modInstall $install,array $config = array()) {
         $this->install =& $install;
         $this->xpdo =& $install->xpdo;
@@ -155,6 +155,15 @@ public function writeConfig() {
         $configTpl = MODX_CORE_PATH . 'docs/config.inc.tpl';
         $configFile = MODX_CORE_PATH . 'config/' . MODX_CONFIG_KEY . '.inc.php';
 
+        /**
+         * Sanitize MySQL Password before writing to config, escaping '
+         * I'm sure there's a better way to do this, but this works for now.
+         * Otherwise, we risk fatal PHP errors if the entered Password
+         * contains any single quotes as they would escape the string.
+         * See GitHub issue 12502 for more information. https://github.com/modxcms/revolution/issues/12502
+         */
+        $this->install->settings->settings['database_password'] = addslashes($this->install->settings->settings['database_password']);
+
         $settings = $this->install->settings->fetch();
         $settings['last_install_time'] = time();
         $settings['site_id'] = uniqid('modx',true);
@@ -205,4 +214,4 @@ public function writeConfig() {
     abstract public function execute($mode);
     abstract public function initialize();
     abstract public function cleanup();
-}
+}