From 9ebd5d5bb20af9178e071c3c6f3b41d9a9bc8be0 Mon Sep 17 00:00:00 2001
From: Lari Tikkanen <lartza@outlook.com>
Date: Wed, 7 Dec 2016 22:12:25 +0200
Subject: [PATCH] Quote database and role in queries

Fixes #1793
Signed-off-by: Lari Tikkanen <lartza@outlook.com>
---
 lib/private/Setup/PostgreSQL.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index 14325a18efe..4f4f8a03231 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@@ -111,7 +111,7 @@ class PostgreSQL extends AbstractDatabase {
 	private function createDatabase(IDBConnection $connection) {
 		if (!$this->databaseExists($connection)) {
 			//The database does not exists... let's create it
-			$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER " . addslashes($this->dbUser));
+			$query = $connection->prepare("CREATE DATABASE \"" . addslashes($this->dbName) . "\" OWNER '" . addslashes($this->dbUser) . "'");
 			try {
 				$query->execute();
 			} catch (DatabaseException $e) {
@@ -119,7 +119,7 @@ class PostgreSQL extends AbstractDatabase {
 				$this->logger->logException($e);
 			}
 		} else {
-			$query = $connection->prepare("REVOKE ALL PRIVILEGES ON DATABASE " . addslashes($this->dbName) . " FROM PUBLIC");
+			$query = $connection->prepare("REVOKE ALL PRIVILEGES ON DATABASE \"" . addslashes($this->dbName) . "\" FROM PUBLIC");
 			try {
 				$query->execute();
 			} catch (DatabaseException $e) {
@@ -153,10 +153,10 @@ class PostgreSQL extends AbstractDatabase {
 		try {
 			if ($this->userExists($connection)) {
 				// change the password
-				$query = $connection->prepare("ALTER ROLE " . addslashes($this->dbUser) . " WITH CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
+				$query = $connection->prepare("ALTER ROLE \"" . addslashes($this->dbUser) . "\" WITH CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
 			} else {
 				// create the user
-				$query = $connection->prepare("CREATE USER " . addslashes($this->dbUser) . " CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
+				$query = $connection->prepare("CREATE USER \"" . addslashes($this->dbUser) . "\" CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
 			}
 			$query->execute();
 		} catch (DatabaseException $e) {