authorThomas Pulzer <t.pulzer@kniel.de>2016-07-06 11:31:28 +0200
committerThomas Pulzer <t.pulzer@kniel.de>2016-07-06 11:31:28 +0200
commit0638937ada237f6bd05620dfb16cfa17c6b971b7 (patch)
tree1cc2cbdc78912138964af0f62bdcd030f165b86c /lib/private/Setup
parentd367318088c2044427a574b1e42c48deade1bec3 (diff)
Changed the input option for database-port to required when parameter was provided.
Added a cast of the database port to int for input sanitization in the pgsql and oci connections.
Diffstat (limited to 'lib/private/Setup')
-rw-r--r--lib/private/Setup/OCI.php4
-rw-r--r--lib/private/Setup/PostgreSQL.php4
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/private/Setup/OCI.php b/lib/private/Setup/OCI.php
index 7fddf0e58e5..2366a014c53 100644
--- a/lib/private/Setup/OCI.php
+++ b/lib/private/Setup/OCI.php
@@ -63,8 +63,8 @@ class OCI extends AbstractDatabase {
public function setupDatabase($username) {
$e_host = addslashes($this->dbHost);
- // adding slashes for security reasons
- $e_port = addslashes($this->dbPort);
+ // casting to int to avoid malicious input
+ $e_port = (int)$this->dbPort;
$e_dbname = addslashes($this->dbName);
//check if the database user has admin right
if ($e_host == '') {
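Review bot: The `(int)` cast on `$e_port` coerces rather than validates: a non-numeric or partly numeric value silently becomes `0` or a truncated number, and negative values or values above 65535 are accepted as they are. Because this is installer input, it would be safer to reject a bad port than to connect with a rewritten one, for example `$e_port = filter_var($this->dbPort, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]]);` with an explicit error when a port was supplied and the result is `false`. An unset port also now yields integer `0` where it used to yield an empty string, so any later emptiness test on `$e_port` should be re-checked; that code is outside this hunk, as is the rest of `setupDatabase`. The same coercion applies to `$port` in PostgreSQL.php.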
diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index 35d8b8eac14..464d1e02e21 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@@ -36,8 +36,8 @@ class PostgreSQL extends AbstractDatabase {
// adding port support through installer
if(!empty($this->dbPort)) {
- // adding slashes for security reasons
- $port = addslashes($this->dbPort);
+ // casting to int to avoid malicious input
+ $port = (int)$this->dbPort;
} else if(strpos($e_host, ':')) {
list($e_host, $port)=explode(':', $e_host, 2);
} else {
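Review bot: Only the first branch casts the port; in the `else if(strpos($e_host, ':'))` branch `$port` is still taken directly from `explode(':', $e_host, 2)` and is never converted to an integer, so a port supplied as part of the host value bypasses the sanitization this commit adds. Adding `$port = (int)$port;` right after the `list($e_host, $port)=explode(':', $e_host, 2);` line would make both paths consistent, and a short comment such as `// port embedded in host: apply the same int cast as dbPort` would record why. The if/else chain continues past the end of the hunk and `$e_host` is assigned above it, so how that value was escaped before being split is inferred rather than visible here.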