Changed the input option for database-port to required when parameter was provided.

Added casting database port to int for input sanitation in pgsql and oci connections.
author: Thomas Pulzer <t.pulzer@kniel.de> 2016-07-06 11:31:28 +0200
committer: Thomas Pulzer <t.pulzer@kniel.de> 2016-07-06 11:31:28 +0200
commit: 0638937ada237f6bd05620dfb16cfa17c6b971b7 (patch)
tree: 1cc2cbdc78912138964af0f62bdcd030f165b86c /lib/private/Setup/OCI.php
parent: d367318088c2044427a574b1e42c48deade1bec3 (diff)
download: nextcloud-server-0638937ada237f6bd05620dfb16cfa17c6b971b7.tar.gz
nextcloud-server-0638937ada237f6bd05620dfb16cfa17c6b971b7.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Setup/OCI.php b/lib/private/Setup/OCI.php
index 7fddf0e58e5..2366a014c53 100644
--- a/lib/private/Setup/OCI.php
+++ b/lib/private/Setup/OCI.php
@@ -63,8 +63,8 @@ class OCI extends AbstractDatabase {
 
 	public function setupDatabase($username) {
 		$e_host = addslashes($this->dbHost);
-		// adding slashes for security reasons
-		$e_port = addslashes($this->dbPort);
+		// casting to int to avoid malicious input
+		$e_port = (int)$this->dbPort;
 		$e_dbname = addslashes($this->dbName);
 		//check if the database user has admin right
 		if ($e_host == '') {
author	Thomas Pulzer <t.pulzer@kniel.de>	2016-07-06 11:31:28 +0200
committer	Thomas Pulzer <t.pulzer@kniel.de>	2016-07-06 11:31:28 +0200
commit	0638937ada237f6bd05620dfb16cfa17c6b971b7 (patch)
tree	1cc2cbdc78912138964af0f62bdcd030f165b86c /lib/private/Setup/OCI.php
parent	d367318088c2044427a574b1e42c48deade1bec3 (diff)
download	nextcloud-server-0638937ada237f6bd05620dfb16cfa17c6b971b7.tar.gz nextcloud-server-0638937ada237f6bd05620dfb16cfa17c6b971b7.zip