aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/install
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb/install')
-rw-r--r--phpBB/phpbb/install/helper/config.php2
-rw-r--r--phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php8
-rw-r--r--phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php6
-rw-r--r--phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php4
-rw-r--r--phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php8
5 files changed, 15 insertions, 13 deletions
diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php
index fad6749019..7eb0ae3b05 100644
--- a/phpBB/phpbb/install/helper/config.php
+++ b/phpBB/phpbb/install/helper/config.php
@@ -330,6 +330,8 @@ class config
fwrite($fp, $file_content);
fclose($fp);
+ // Enforce 0600 permission for install config
+ $this->filesystem->chmod([$this->install_config_file], 0600);
}
/**
diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
index dc7b060746..6ec1e612b9 100644
--- a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
+++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
@@ -78,10 +78,10 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in
$dbms = $this->io_handler->get_input('dbms', '');
$dbhost = $this->io_handler->get_input('dbhost', '', true);
$dbport = $this->io_handler->get_input('dbport', '');
- $dbuser = $this->io_handler->get_input('dbuser', '');
- $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '');
- $dbname = $this->io_handler->get_input('dbname', '');
- $table_prefix = $this->io_handler->get_input('table_prefix', '');
+ $dbuser = $this->io_handler->get_input('dbuser', '', true);
+ $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '', true);
+ $dbname = $this->io_handler->get_input('dbname', '', true);
+ $table_prefix = $this->io_handler->get_input('table_prefix', '', true);
// Check database data
$user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix);
diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php
index e8a9c971b7..7cd0d7bf23 100644
--- a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php
+++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php
@@ -50,11 +50,11 @@ class obtain_email_data extends \phpbb\install\task_base implements \phpbb\insta
// E-mail data
$email_enable = $this->io_handler->get_input('email_enable', true);
$smtp_delivery = $this->io_handler->get_input('smtp_delivery', '');
- $smtp_host = $this->io_handler->get_input('smtp_host', '');
+ $smtp_host = $this->io_handler->get_input('smtp_host', '', true);
$smtp_port = $this->io_handler->get_input('smtp_port', '');
$smtp_auth = $this->io_handler->get_input('smtp_auth', '');
- $smtp_user = $this->io_handler->get_input('smtp_user', '');
- $smtp_passwd = $this->io_handler->get_input('smtp_pass', '');
+ $smtp_user = $this->io_handler->get_input('smtp_user', '', true);
+ $smtp_passwd = $this->io_handler->get_input('smtp_pass', '', true);
$auth_methods = array('PLAIN', 'LOGIN', 'CRAM-MD5', 'DIGEST-MD5', 'POP-BEFORE-SMTP');
diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php
index 1ef70eae08..5096ce284e 100644
--- a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php
+++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php
@@ -79,9 +79,9 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst
$cookie_secure = $this->io_handler->get_input('cookie_secure', $cookie_secure);
$server_protocol = $this->io_handler->get_input('server_protocol', $server_protocol);
$force_server_vars = $this->io_handler->get_input('force_server_vars', 0);
- $server_name = $this->io_handler->get_input('server_name', $server_name);
+ $server_name = $this->io_handler->get_input('server_name', $server_name, true);
$server_port = $this->io_handler->get_input('server_port', $server_port);
- $script_path = $this->io_handler->get_input('script_path', $script_path);
+ $script_path = $this->io_handler->get_input('script_path', $script_path, true);
// Clean up script path
if ($script_path !== '/')
diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php
index f31472fc58..3c17576c13 100644
--- a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php
+++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php
@@ -85,10 +85,10 @@ class obtain_update_ftp_data extends task_base
$method = $methods[0];
}
- $ftp_host = $this->iohandler->get_input('ftp_host', '');
- $ftp_user = $this->iohandler->get_input('ftp_user', '');
- $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', ''));
- $ftp_path = $this->iohandler->get_input('ftp_path', '');
+ $ftp_host = $this->iohandler->get_input('ftp_host', '', true);
+ $ftp_user = $this->iohandler->get_input('ftp_user', '', true);
+ $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true));
+ $ftp_path = $this->iohandler->get_input('ftp_path', '', true);
$ftp_port = $this->iohandler->get_input('ftp_port', 21);
$ftp_time = $this->iohandler->get_input('ftp_timeout', 10);
generated by cgit v1.2.1 (git 2.21.0) at 2025-06-12 00:09:58 +0000