diff options
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 2 | ||||
-rw-r--r-- | phpBB/install/install_convert.php | 7 | ||||
-rwxr-xr-x | phpBB/install/install_install.php | 39 |
3 files changed, 29 insertions, 19 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 3537cb5a0b..d2e8fb02ae 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -87,6 +87,8 @@ <li>[Change] Validate birthdays (Bug #15004)</li> <li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li> <li>[Fix] Fix disabling of word censor, now possible again</li> + <li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li> + <li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li> </ul> <a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3> diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php index d1e36ec4a4..f1544c931a 100644 --- a/phpBB/install/install_convert.php +++ b/phpBB/install/install_convert.php @@ -422,8 +422,7 @@ class install_convert extends module } else { - $src_dbpasswd = htmlspecialchars_decode($src_dbpasswd); - $connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false); + $connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false); } // The forum prefix of the old and the new forum can only be the same if two different databases are used. @@ -443,7 +442,7 @@ class install_convert extends module { $sql_db = 'dbal_' . $src_dbms; $src_db = new $sql_db(); - $src_db->sql_connect($src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, false, true); + $src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true); $same_db = false; } else @@ -666,7 +665,7 @@ class install_convert extends module } $sql_db = 'dbal_' . $convert->src_dbms; $src_db = new $sql_db(); - $src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, $convert->src_dbpasswd, $convert->src_dbname, $convert->src_dbport, false, true); + $src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true); $same_db = false; } else diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 3afdb66e1e..2c4d9a0fda 100755 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -551,7 +551,7 @@ class install_install extends module } else { - $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']); + $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport']); } $template->assign_block_vars('checks', array( @@ -884,17 +884,26 @@ class install_install extends module // Time to convert the data provided into a config file $config_data = "<?php\n"; $config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n"; - $config_data .= "\$dbms = '" . $available_dbms[$data['dbms']]['DRIVER'] . "';\n"; - $config_data .= "\$dbhost = '{$data['dbhost']}';\n"; - $config_data .= "\$dbport = '{$data['dbport']}';\n"; - $config_data .= "\$dbname = '{$data['dbname']}';\n"; - $config_data .= "\$dbuser = '{$data['dbuser']}';\n"; - $config_data .= "\$dbpasswd = '{$data['dbpasswd']}';\n\n"; - $config_data .= "\$table_prefix = '{$data['table_prefix']}';\n"; -// $config_data .= "\$acm_type = '" . (($acm_type) ? $acm_type : 'file') . "';\n"; - $config_data .= "\$acm_type = 'file';\n"; - $config_data .= "\$load_extensions = '$load_extensions';\n\n"; - $config_data .= "@define('PHPBB_INSTALLED', true);\n"; + + $config_data_array = array( + 'dbms' => $available_dbms[$data['dbms']]['DRIVER'], + 'dbhost' => $data['dbhost'], + 'dbport' => $data['dbport'], + 'dbname' => $data['dbname'], + 'dbuser' => $data['dbuser'], + 'dbpasswd' => htmlspecialchars_decode($data['dbpasswd']), + 'table_prefix' => $data['table_prefix'], + 'acm_type' => 'file', + 'load_extensions' => $load_extensions, + ); + + foreach ($config_data_array as $key => $value) + { + $config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n"; + } + unset($config_data_array); + + $config_data .= "\n@define('PHPBB_INSTALLED', true);\n"; $config_data .= "// @define('DEBUG', true);\n"; $config_data .= "// @define('DEBUG_EXTRA', true);\n"; $config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused! @@ -1124,7 +1133,7 @@ class install_install extends module // Instantiate the database $db = new $sql_db(); - $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false); + $db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false); // NOTE: trigger_error does not work here. $db->sql_return_on_error(true); @@ -1408,7 +1417,7 @@ class install_install extends module // Instantiate the database $db = new $sql_db(); - $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false); + $db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false); // NOTE: trigger_error does not work here. $db->sql_return_on_error(true); @@ -1948,7 +1957,7 @@ class install_install extends module 'dbhost' => request_var('dbhost', ''), 'dbport' => request_var('dbport', ''), 'dbuser' => request_var('dbuser', ''), - 'dbpasswd' => htmlspecialchars_decode(request_var('dbpasswd', '', true)), + 'dbpasswd' => request_var('dbpasswd', '', true), 'dbname' => request_var('dbname', ''), 'table_prefix' => request_var('table_prefix', ''), 'default_lang' => basename(request_var('default_lang', '')), |