From: Brion Vibber
Date: Thu, 5 Aug 2004 07:14:36 +0000 (+0000)
Subject: Fix for [ 988901 ] (install) database password not escaped in LocalSettings.php
X-Git-Tag: 1.5.0alpha1~2512
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=e91729b46fe9a9f4058a2f118c61a652b3949e3e;p=lhc%2Fweb%2Fwiklou.git
Fix for [ 988901 ] (install) database password not escaped in LocalSettings.php
addslashes() is not quite correct for PHP double-quoted string literals. Created an escapePhpString() function which should cover the right bits. See http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double
---
diff --git a/config/index.php b/config/index.php
index eafe930110..e6fb49cf68 100644
--- a/config/index.php
+++ b/config/index.php
@@ -731,6 +731,18 @@ function writeAdminSettings( $conf ) {
 ";
 }
+function escapePhpString( $string ) {
+ return strtr( $string,
+ array(
+ "\n" => "\\n",
+ "\r" => "\\r",
+ "\t" => "\\t",
+ "\\" => "\\\\",
+ "\$" => "\\\$",
+ "\"" => "\\\""
+ ));
+}
+
 function writeLocalSettings( $conf ) {
 $conf->DBmysql4 = @$conf->DBmysql4 ? 'true' : 'false';
 $conf->UseImageResize = $conf->UseImageResize ? 'true' : 'false';
@@ -761,7 +773,7 @@ function writeLocalSettings( $conf ) {
 }
 # Add slashes to strings for double quoting
- $slconf = array_map( "addslashes", get_object_vars( $conf ) );
+ $slconf = array_map( "escapePhpString", get_object_vars( $conf ) );
 $sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
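Review bot: escapePhpString() in the first hunk has no comment saying which quoting context its output is valid for, and the fix depends on exactly that: the table covers backslash, `$`, `"` and three control characters, which is the escape set for a double-quoted literal only. I would put `# Escape a value for embedding inside a PHP double-quoted string literal; the result is not safe in single-quoted strings or as bare code.` above the function, plus a short note that strtr() with an array makes a single pass, so the `"\\"` entry does not re-escape backslashes produced by the other entries. In the second hunk the callback is mapped over every property of $conf, so it is worth confirming that each $slconf value is emitted between double quotes in the generated file; the template lies outside the hunk, and writeLocalSettings() continues past both hunks.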