Fix a comparison logic SQL error in lang.php; fix attempt to call mysql_real_escape_string() in install without a working DB connection
authorDan
Tue, 06 Nov 2007 11:10:18 -0500
changeset 239 0f1b353570a7
parent 238 a78537db2850
child 240 f0149a27df5f
Fix a comparison logic SQL error in lang.php; fix attempt to call mysql_real_escape_string() in install without a working DB connection
includes/lang.php
install.php
--- a/includes/lang.php	Tue Nov 06 10:53:33 2007 -0500
+++ b/includes/lang.php	Tue Nov 06 11:10:18 2007 -0500
@@ -88,7 +88,7 @@
       $db->_die('lang.php - attempting to pass invalid value to constructor');
     }
     
-    $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : 'def';
+    $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : '\'def\'';
     $q = $db->sql_query("SELECT lang_id, lang_code, last_changed, ( lang_id = $lang_default ) AS is_default FROM " . table_prefix . "language WHERE $sql_col OR lang_id = $lang_default ORDER BY is_default DESC LIMIT 1;");
     
     if ( !$q )
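Review bot: The fallback on the `$lang_default` line now yields the quoted SQL string `'def'`, so when no default language is configured the query compares `lang_id` with a string. If `lang_id` is a numeric column (the `intval()` branch suggests it is), MySQL coerces `'def'` to 0 and the comparison can match a row with `lang_id = 0` instead of matching nothing. A sentinel that cannot match would be clearer, e.g. `... ? intval($x) : 'NULL';`, with a comment such as `// SQL fragment: integer id, or NULL when no default language is set`. `$sql_col` is interpolated into the same query and is built outside this hunk, so its escaping cannot be checked from here.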
--- a/install.php	Tue Nov 06 10:53:33 2007 -0500
+++ b/install.php	Tue Nov 06 11:10:18 2007 -0500
@@ -179,12 +179,16 @@
   if ( $act_get )
     return $conn;
   
-  $db_user = mysql_real_escape_string($_POST['db_user']);
-  $db_pass = mysql_real_escape_string($_POST['db_pass']);
-  $db_name = mysql_real_escape_string($_POST['db_name']);
+  $db_user =& $_POST['db_user'];
+  $db_pass =& $_POST['db_pass'];
+  $db_name =& $_POST['db_name'];
   
   if ( !preg_match('/^[a-z0-9_]+$/', $db_name) )
-    die("<p>SECURITY: malformed database name</p>");
+  {
+    die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
+    $db_name = htmlspecialchars($db_name);
+    die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+  }
   
   // First, try to connect using the normal credentials
   $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
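Review bot: The first `die()` in the new malformed-name branch looks like leftover debugging: it prints the whole of `$_POST`, which on this form includes `db_pass`, into the response, and it makes the two lines after it unreachable. Drop `die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');` so the branch ends with the escaped message, `die("<p>SECURITY: malformed database name \"$db_name\"</p>");`. Separately, `$db_name =& $_POST['db_name'];` is a reference, so the `htmlspecialchars()` assignment would write back into `$_POST`; a plain copy, `$db_name = $_POST['db_name'];`, avoids that aliasing. The enclosing function starts and ends outside the hunk.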
@@ -199,6 +203,9 @@
         // Couldn't connect using either set of credentials. Bail out.
         return false;
       }
+      unset($db_user, $db_pass);
+      $db_user = mysql_real_escape_string($_POST['db_user']);
+      $db_pass = mysql_real_escape_string($_POST['db_pass']);
       // Create the user account
       $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
       if ( !$q )
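Review bot: The two `mysql_real_escape_string()` calls added before the GRANT omit the link identifier, so they escape against whichever connection was opened last rather than explicitly against `$conn_root`, the connection the query is sent on. Passing it makes the dependency explicit and guards against a repeat of the no-connection failure this commit fixes: `$db_user = mysql_real_escape_string($_POST['db_user'], $conn_root);` and likewise for `$db_pass`. The same applies to the identical lines added in the following hunk, before the `GRANT ALL PRIVILEGES ON $db_name.*` query. A short comment on `unset($db_user, $db_pass);` would also help, e.g. `// break the references to $_POST before overwriting`.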
@@ -248,6 +255,9 @@
         // this really should never fail, so don't give any tolerance to it
         return false;
       }
+      unset($db_user, $db_pass);
+      $db_user = mysql_real_escape_string($_POST['db_user']);
+      $db_pass = mysql_real_escape_string($_POST['db_pass']);
       // we're in with root rights; grant access to the database
       $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root);
       if ( !$q )
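Review bot: `$db_name` is interpolated into this GRANT unquoted, and the validation earlier in the function allows `_`, which MySQL treats as a single-character wildcard in database-level grants. A name such as `my_db` (constructed example) would therefore also grant rights on any other database whose name differs only at that position. To keep the grant to the one database, escape each underscore first, `$db_grant = str_replace('_', '\\_', $db_name);`, and wrap the result in backquotes where it is interpolated before `.*`. The surrounding function continues outside the hunk, so whether `$db_name` is reused elsewhere in unescaped form is not visible here.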