aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--phpBB/docs/CHANGELOG.html2
-rw-r--r--phpBB/install/install_convert.php7
-rwxr-xr-xphpBB/install/install_install.php39
3 files changed, 29 insertions, 19 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 3537cb5a0b..d2e8fb02ae 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -87,6 +87,8 @@
<li>[Change] Validate birthdays (Bug #15004)</li>
<li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li>
<li>[Fix] Fix disabling of word censor, now possible again</li>
+ <li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li>
+ <li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li>
</ul>
<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php
index d1e36ec4a4..f1544c931a 100644
--- a/phpBB/install/install_convert.php
+++ b/phpBB/install/install_convert.php
@@ -422,8 +422,7 @@ class install_convert extends module
}
else
{
- $src_dbpasswd = htmlspecialchars_decode($src_dbpasswd);
- $connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
+ $connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
}
// The forum prefix of the old and the new forum can only be the same if two different databases are used.
@@ -443,7 +442,7 @@ class install_convert extends module
{
$sql_db = 'dbal_' . $src_dbms;
$src_db = new $sql_db();
- $src_db->sql_connect($src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, false, true);
+ $src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
$same_db = false;
}
else
@@ -666,7 +665,7 @@ class install_convert extends module
}
$sql_db = 'dbal_' . $convert->src_dbms;
$src_db = new $sql_db();
- $src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, $convert->src_dbpasswd, $convert->src_dbname, $convert->src_dbport, false, true);
+ $src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
$same_db = false;
}
else
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 3afdb66e1e..2c4d9a0fda 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -551,7 +551,7 @@ class install_install extends module
}
else
{
- $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']);
+ $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport']);
}
$template->assign_block_vars('checks', array(
@@ -884,17 +884,26 @@ class install_install extends module
// Time to convert the data provided into a config file
$config_data = "<?php\n";
$config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n";
- $config_data .= "\$dbms = '" . $available_dbms[$data['dbms']]['DRIVER'] . "';\n";
- $config_data .= "\$dbhost = '{$data['dbhost']}';\n";
- $config_data .= "\$dbport = '{$data['dbport']}';\n";
- $config_data .= "\$dbname = '{$data['dbname']}';\n";
- $config_data .= "\$dbuser = '{$data['dbuser']}';\n";
- $config_data .= "\$dbpasswd = '{$data['dbpasswd']}';\n\n";
- $config_data .= "\$table_prefix = '{$data['table_prefix']}';\n";
-// $config_data .= "\$acm_type = '" . (($acm_type) ? $acm_type : 'file') . "';\n";
- $config_data .= "\$acm_type = 'file';\n";
- $config_data .= "\$load_extensions = '$load_extensions';\n\n";
- $config_data .= "@define('PHPBB_INSTALLED', true);\n";
+
+ $config_data_array = array(
+ 'dbms' => $available_dbms[$data['dbms']]['DRIVER'],
+ 'dbhost' => $data['dbhost'],
+ 'dbport' => $data['dbport'],
+ 'dbname' => $data['dbname'],
+ 'dbuser' => $data['dbuser'],
+ 'dbpasswd' => htmlspecialchars_decode($data['dbpasswd']),
+ 'table_prefix' => $data['table_prefix'],
+ 'acm_type' => 'file',
+ 'load_extensions' => $load_extensions,
+ );
+
+ foreach ($config_data_array as $key => $value)
+ {
+ $config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n";
+ }
+ unset($config_data_array);
+
+ $config_data .= "\n@define('PHPBB_INSTALLED', true);\n";
$config_data .= "// @define('DEBUG', true);\n";
$config_data .= "// @define('DEBUG_EXTRA', true);\n";
$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!
@@ -1124,7 +1133,7 @@ class install_install extends module
// Instantiate the database
$db = new $sql_db();
- $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
+ $db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@@ -1408,7 +1417,7 @@ class install_install extends module
// Instantiate the database
$db = new $sql_db();
- $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
+ $db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@@ -1948,7 +1957,7 @@ class install_install extends module
'dbhost' => request_var('dbhost', ''),
'dbport' => request_var('dbport', ''),
'dbuser' => request_var('dbuser', ''),
- 'dbpasswd' => htmlspecialchars_decode(request_var('dbpasswd', '', true)),
+ 'dbpasswd' => request_var('dbpasswd', '', true),
'dbname' => request_var('dbname', ''),
'table_prefix' => request_var('table_prefix', ''),
'default_lang' => basename(request_var('default_lang', '')),