Skip to content

v1.6.2 — install.php regression fix

Choose a tag to compare

@mwtcmi mwtcmi released this 13 May 19:36

Fixes a v1.6.1 regression in the install/upgrade path.

Problem

v1.6.1's install.php contained $db = FreePBX::Database(); at file scope. FreePBX requires install.php from inside _runscripts() in modulefunctions.class.php, so the bare assignment leaked into the parent scope and replaced the legacy DB-class $db global with a BMO FreePBX\Database instance. The legacy DB's escapeSimple strips quotes (PearDB-compatible); the BMO Database's escapeSimple is PDO::quote() which keeps them. modulefunctions.class.php:2077 then double-quoted the version string and modulename when updating the modules table, producing:

UPDATE modules SET version=''1.6.1'' WHERE modulename=''frogman''

— a SQL syntax error that aborted the install partway, leaving the module in a 'Disabled; Pending upgrade' state requiring manual recovery.

Fix

Renamed the local in install.php from $db to $frogmanDb so it doesn't pollute the global. Added a comment block documenting the constraint.

If you hit the partial-failure state on v1.6.1

Upgrade to v1.6.2 and re-run fwconsole ma install frogman. The migrations themselves are idempotent so the re-run is safe — already-hashed tokens stay hashed, already-redacted audit entries stay redacted, no double-application.

No security fixes

This is the install-path regression fix only. The four v1.6.1 advisory patches remain in place.