
Sanatizing all data being written about db connection

commit 5f669ab82308d8e421c846c7855cc30284350645 1 parent 853eabf
Diogo Freire authored
Showing with 10 additions and 17 deletions.
  1. +10 −17 installer/wizard.php
27 installer/wizard.php
@@ -614,12 +614,12 @@ public static function install_database()
// Store the database info
self::$_data['database'] = array(
'host' => $host,
- 'username' => $username,
- 'password' => $password,
- 'database_name' => $database,
+ 'user' => $username,
+ 'pass' => $password,
+ 'database' => $database,
'table_prefix' => $table_prefix
);
-
+
// Set up the database schema + objects
self::_database_connect();
@@ -684,8 +684,8 @@ private static function _database_connect()
{
$params = self::$_data['database'];
- self::$_connection = mysql_connect($params['host'], $params['username'],
- $params['password'], TRUE);
+ self::$_connection = mysql_connect($params['host'], $params['user'],
+ $params['pass'], TRUE);
if ( ! self::$_connection)
{
@@ -694,7 +694,7 @@ private static function _database_connect()
return FALSE;
}
- $database_name = $params['database_name'];
+ $database_name = $params['database'];
if ( ! mysql_select_db($database_name))
{
@@ -763,15 +763,8 @@ private static function _create_database_config()
{
if (($template_file = file($template_file_name)) !== FALSE)
{
- $params = self::$_data['database'];
- $config_params = array(
- 'user' => $params['username'],
- 'pass' => addslashes($params['password']),
- 'host' => $params['host'],
- 'database' => $params['database_name'],
- 'table_prefix' => $params['table_prefix']
- );
-
+ $config_params = self::$_data['database'];
+
foreach ($template_file as $line_no => $line)
{
foreach ($config_params as $config => $value)
@@ -779,7 +772,7 @@ private static function _create_database_config()
$search = sprintf("/'%s' =>.*/i", $config);
if (preg_match($search, $line, $matches))
{
- $replace = sprintf("'%s' => '%s',", $config, $value);
+ $replace = sprintf("'%s' => '%s',", $config, addslashes($value));
$line = preg_replace("/".$matches[0]."/i", $replace, $line);
break;
}
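Review bot: `addslashes($value)` on the new `$replace` line does not reliably yield a safe PHP string literal, because `$replace` is then passed as the replacement argument of `preg_replace`, which does its own parsing of backslashes and `$N`/`\N` references. A doubled backslash is folded back to one and a `$1`-style sequence in a password is treated as a backreference, so the literal written to the config file can differ from what was entered or be terminated early. `addslashes` also escapes `"` and NUL, which are not escape sequences inside a single-quoted PHP string. Building the literal with `var_export` and substituting without a regex avoids both problems: `$replace = sprintf("'%s' => %s,", $config, var_export($value, TRUE));` followed by `$line = str_replace($matches[0], $replace, $line);`. Since the loop now takes `host`, `database` and `table_prefix` from `self::$_data['database']` as well, the same handling should cover every value; `_create_database_config()` continues outside the visible hunks.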