From: Simon L <szaimen@e.mail.de>
Date: Tue, 7 Mar 2023 23:37:19 +0000 (+0100)
Subject: postgresql - add quotes around user names
X-Git-Tag: v27.0.0beta1~359^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F37116%2Fhead;p=nextcloud-server.git

postgresql - add quotes around user names

fix https://github.com/nextcloud/server/issues/37114

Signed-off-by: Simon L <szaimen@e.mail.de>
---

diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index 8359f7b7563..490cbba69a9 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@@ -80,7 +80,7 @@ class PostgreSQL extends AbstractDatabase {
 					// Therefore we assume that the database is only used by one user/service which is Nextcloud
 					// Additional services should get installed in a separate database in order to stay secure
 					// Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
-					$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
+					$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"');
 					$connectionMainDatabase->close();
 				}
 			}
@@ -122,7 +122,7 @@ class PostgreSQL extends AbstractDatabase {
 	private function createDatabase(Connection $connection) {
 		if (!$this->databaseExists($connection)) {
 			//The database does not exists... let's create it
-			$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER " . addslashes($this->dbUser));
+			$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER \"" . addslashes($this->dbUser) . '"');
 			try {
 				$query->execute();
 			} catch (DatabaseException $e) {
@@ -172,10 +172,10 @@ class PostgreSQL extends AbstractDatabase {
 			}
 
 			// create the user
-			$query = $connection->prepare("CREATE USER " . addslashes($this->dbUser) . " CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
+			$query = $connection->prepare("CREATE USER \"" . addslashes($this->dbUser) . "\" CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
 			$query->execute();
 			if ($this->databaseExists($connection)) {
-				$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO '.addslashes($this->dbUser));
+				$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO "' . addslashes($this->dbUser) . '"');
 				$query->execute();
 			}
 		} catch (DatabaseException $e) {