aboutsummaryrefslogtreecommitdiffstats
path: root/lib/setup.php
diff options
context:
space:
mode:
authorBrice Maron <brice@bmaron.net>2012-07-03 09:20:42 +0200
committerBrice Maron <brice@bmaron.net>2012-07-03 09:20:42 +0200
commit8a1c27918319a96a5e801b1e945eb0fce5b489af (patch)
tree077d28cc69ca4a5db3e0db74124e9b236e8f7140 /lib/setup.php
parent88cbbc86b84984946b80f6dd18e5a6a88b47f936 (diff)
downloadnextcloud-server-8a1c27918319a96a5e801b1e945eb0fce5b489af.tar.gz
nextcloud-server-8a1c27918319a96a5e801b1e945eb0fce5b489af.zip
Escape pg connection string on setup
Diffstat (limited to 'lib/setup.php')
-rw-r--r--lib/setup.php16
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/setup.php b/lib/setup.php
index 5387a0ef493..bad0f5301c7 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -155,8 +155,11 @@ class OC_Setup {
OC_CONFIG::setValue('dbhost', $dbhost);
OC_CONFIG::setValue('dbtableprefix', $dbtableprefix);
+ $e_host = addslashes($dbhost);
+ $e_user = addslashes($dbuser);
+ $e_password = addslashes($dbpass);
//check if the database user has admin right
- $connection_string = "host=$dbhost dbname=postgres user=$dbuser password=$dbpass";
+ $connection_string = "host='$e_host' dbname=postgres user='$e_user' password='$e_password'";
$connection = @pg_connect($connection_string);
if(!$connection) {
$error[] = array(
@@ -166,8 +169,9 @@ class OC_Setup {
return $error;
}
else {
+ $e_user = pg_escape_string($dbuser);
//check for roles creation rights in postgresql
- $query="SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='$dbuser'";
+ $query="SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='$e_user'";
$result = pg_query($connection, $query);
if($result and pg_num_rows($result) > 0) {
//use the admin login data for the new database user
@@ -199,7 +203,13 @@ class OC_Setup {
// connect to the ownCloud database (dbname=$dbname) an check if it needs to be filled
$dbuser = OC_CONFIG::getValue('dbuser');
$dbpass = OC_CONFIG::getValue('dbpassword');
- $connection_string = "host=$dbhost dbname=$dbname user=$dbuser password=$dbpass";
+
+ $e_host = addslashes($dbhost);
+ $e_dbname = addslashes($dbname);
+ $e_user = addslashes($dbuser);
+ $e_password = addslashes($dbpass);
+
+ $connection_string = "host='$e_host' dbname='$e_dbname' user='$e_user' password='$e_password'";
$connection = @pg_connect($connection_string);
if(!$connection) {
$error[] = array(