Fix for ticket #2828, part II: apostrophe in site name set in installer created a broken config.php.
The previous commit fixed the base installer to properly quote its strings when creating config.php... but you'd actually end up with double-escaping if you had magic_quotes_gpc on. Magic quotes are evil and lame, but we gotta deal with em. :P Updated the web installer code to check for magic quotes, and to grab its variables consistently through the same interface.
parent
3f74f44603
commit
56403c4beb
83
install.php
83
install.php
|
@ -45,14 +45,62 @@ require INSTALLDIR . '/lib/installer.php';
|
||||||
* Helper class for building form
|
* Helper class for building form
|
||||||
*/
|
*/
|
||||||
class Posted {
|
class Posted {
|
||||||
|
/**
|
||||||
|
* HTML-friendly escaped string for the POST param of given name, or empty.
|
||||||
|
* @param string $name
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function value($name)
|
function value($name)
|
||||||
|
{
|
||||||
|
return htmlspecialchars($this->string($name));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The given POST parameter value, forced to a string.
|
||||||
|
* Missing value will give ''.
|
||||||
|
*
|
||||||
|
* @param string $name
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
function string($name)
|
||||||
|
{
|
||||||
|
return strval($this->raw($name));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The given POST parameter value, in its original form.
|
||||||
|
* Magic quotes are stripped, if provided.
|
||||||
|
* Missing value will give null.
|
||||||
|
*
|
||||||
|
* @param string $name
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
function raw($name)
|
||||||
{
|
{
|
||||||
if (isset($_POST[$name])) {
|
if (isset($_POST[$name])) {
|
||||||
return htmlspecialchars(strval($_POST[$name]));
|
return $this->dequote($_POST[$name]);
|
||||||
} else {
|
} else {
|
||||||
return '';
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If necessary, strip magic quotes from the given value.
|
||||||
|
*
|
||||||
|
* @param mixed $val
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
function dequote($val)
|
||||||
|
{
|
||||||
|
if (get_magic_quotes_gpc()) {
|
||||||
|
if (is_string($val)) {
|
||||||
|
return stripslashes($val);
|
||||||
|
} else if (is_array($val)) {
|
||||||
|
return array_map(array($this, 'dequote'), $val);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $val;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -107,11 +155,7 @@ class WebInstaller extends Installer
|
||||||
global $dbModules;
|
global $dbModules;
|
||||||
$post = new Posted();
|
$post = new Posted();
|
||||||
$dbRadios = '';
|
$dbRadios = '';
|
||||||
if (isset($_POST['dbtype'])) {
|
$dbtype = $post->raw('dbtype');
|
||||||
$dbtype = $_POST['dbtype'];
|
|
||||||
} else {
|
|
||||||
$dbtype = null;
|
|
||||||
}
|
|
||||||
foreach (self::$dbModules as $type => $info) {
|
foreach (self::$dbModules as $type => $info) {
|
||||||
if ($this->checkExtension($info['check_module'])) {
|
if ($this->checkExtension($info['check_module'])) {
|
||||||
if ($dbtype == null || $dbtype == $type) {
|
if ($dbtype == null || $dbtype == $type) {
|
||||||
|
@ -245,19 +289,20 @@ STR;
|
||||||
*/
|
*/
|
||||||
function prepare()
|
function prepare()
|
||||||
{
|
{
|
||||||
$this->host = $_POST['host'];
|
$post = new Posted();
|
||||||
$this->dbtype = $_POST['dbtype'];
|
$this->host = $post->string('host');
|
||||||
$this->database = $_POST['database'];
|
$this->dbtype = $post->string('dbtype');
|
||||||
$this->username = $_POST['dbusername'];
|
$this->database = $post->string('database');
|
||||||
$this->password = $_POST['dbpassword'];
|
$this->username = $post->string('dbusername');
|
||||||
$this->sitename = $_POST['sitename'];
|
$this->password = $post->string('dbpassword');
|
||||||
$this->fancy = !empty($_POST['fancy']);
|
$this->sitename = $post->string('sitename');
|
||||||
|
$this->fancy = (bool)$post->string('fancy');
|
||||||
|
|
||||||
$this->adminNick = strtolower($_POST['admin_nickname']);
|
$this->adminNick = strtolower($post->string('admin_nickname'));
|
||||||
$this->adminPass = $_POST['admin_password'];
|
$this->adminPass = $post->string('admin_password');
|
||||||
$adminPass2 = $_POST['admin_password2'];
|
$adminPass2 = $post->string('admin_password2');
|
||||||
$this->adminEmail = $_POST['admin_email'];
|
$this->adminEmail = $post->string('admin_email');
|
||||||
$this->adminUpdates = $_POST['admin_updates'];
|
$this->adminUpdates = $post->string('admin_updates');
|
||||||
|
|
||||||
$this->server = $_SERVER['HTTP_HOST'];
|
$this->server = $_SERVER['HTTP_HOST'];
|
||||||
$this->path = substr(dirname($_SERVER['PHP_SELF']), 1);
|
$this->path = substr(dirname($_SERVER['PHP_SELF']), 1);
|
||||||
|
|
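Review bot: `Posted::value()` in the first hunk calls `htmlspecialchars()` with its default flags, and on the PHP versions where `get_magic_quotes_gpc()` still exists that default is `ENT_COMPAT`, so double quotes are escaped but apostrophes are not. Because `raw()` now strips the magic-quote backslashes, a posted apostrophe reaches the form output unchanged; that is safe only if every attribute these values are echoed into is double-quoted, which cannot be confirmed here because the form markup is outside the hunks. I would make the escaping independent of the template's quoting style with `return htmlspecialchars($this->string($name), ENT_QUOTES, 'UTF-8');`. The docblock on `string()` could also state that an array-valued parameter is flattened by `strval()` to the literal `Array`, since `prepare()` (whose body continues past the last hunk) now passes every field through it.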