From: Tim Starling <tstarling@users.mediawiki.org>
Date: Mon, 17 May 2004 09:34:38 +0000 (+0000)
Subject: Bug fix: need to add slashes when inserting into double quotes, especially when deali... 
X-Git-Tag: 1.3.0beta1~53
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/pie.php?a=commitdiff_plain;h=cb844819dbc92d61ab1b4b4dd5f25111fb84b8d3;p=lhc%2Fweb%2Fwiklou.git

Bug fix: need to add slashes when inserting into double quotes, especially when dealing with Windows paths (ported from 1.2)
---

diff --git a/config/index.php b/config/index.php
index 2c189a48ba..16d17a2f71 100644
--- a/config/index.php
+++ b/config/index.php
@@ -688,6 +688,9 @@ function writeLocalSettings( $conf ) {
 	$rights = ($conf->RightsUrl) ? "" : "# ";
 
 #	$proxyKey = Parser::getRandomString() . Parser::getRandomString();
+	# Add slashes to strings for double quoting
+	$slconf = array_map( "addslashes", get_object_vars( $conf ) );
+
 	
 	$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
 	return "
@@ -695,8 +698,9 @@ function writeLocalSettings( $conf ) {
 # If you make manual changes, please keep track in case you need to
 # recreate them later.
 
-\$IP = \"{$conf->IP}\";
-require_once( \"includes/DefaultSettings.php\" );
+\$IP = \"{$slconf[IP]}\";
+ini_set( \"include_path\", \"\$IP/includes$sep\$IP/languages$sep\" . ini_get(\"include_path\") );
+include_once( \"DefaultSettings.php\" );
 
 if ( \$wgCommandLineMode ) {
 	if ( isset( \$_SERVER ) && array_key_exists( 'REQUEST_METHOD', \$_SERVER ) ) {
@@ -707,9 +711,9 @@ if ( \$wgCommandLineMode ) {
 	{$zlib}if( !ini_get( 'zlib.output_compression' ) ) ob_start( 'ob_gzhandler' );
 }
 
-\$wgSitename         = \"{$conf->Sitename}\";
+\$wgSitename         = \"{$slconf[Sitename]}\";
 
-\$wgScriptPath	    = \"{$conf->ScriptPath}\";
+\$wgScriptPath	    = \"{$slconf[ScriptPath]}\";
 \$wgScript           = \"\$wgScriptPath/index.php\";
 \$wgRedirectScript   = \"\$wgScriptPath/redirect.php\";
 
@@ -724,13 +728,13 @@ if ( \$wgCommandLineMode ) {
 \$wgUploadPath       = \"\$wgScriptPath/images\";
 \$wgUploadDirectory  = \"\$IP/images\";
 
-\$wgEmergencyContact = \"{$conf->EmergencyContact}\";
-\$wgPasswordSender   = \"{$conf->PasswordSender}\";
+\$wgEmergencyContact = \"{$slconf[EmergencyContact]}\";
+\$wgPasswordSender	= \"{$slconf[PasswordSender]}\";
 
-\$wgDBserver         = \"{$conf->DBserver}\";
-\$wgDBname           = \"{$conf->DBname}\";
-\$wgDBuser           = \"{$conf->DBuser}\";
-\$wgDBpassword       = \"{$conf->DBpassword}\";
+\$wgDBserver         = \"{$slconf[DBserver]}\";
+\$wgDBname           = \"{$slconf[DBname]}\";
+\$wgDBuser           = \"{$slconf[DBuser]}\";
+\$wgDBpassword       = \"{$slconf[DBpassword]}\";
 
 ## To allow SQL queries through the wiki's Special:Askaql page,
 ## uncomment the next lines. THIS IS VERY INSECURE. If you want
@@ -760,8 +764,8 @@ if ( \$wgCommandLineMode ) {
 
 \$wgLocalInterwiki   = \$wgSitename;
 
-\$wgLanguageCode = \"{$conf->LanguageCode}\";
-" . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$conf->Encoding}\";" : "" ) . "
+\$wgLanguageCode = \"{$slconf[LanguageCode]}\";
+" . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$slconf[Encoding]}\";" : "" ) . "
 
 ## Default skin: you can change the default skin. Use the internal symbolic
 ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook':
@@ -787,11 +791,15 @@ function dieout( $text ) {
 }
 
 function importPost( $name, $default = "" ) {
-	if( isset( $_REQUEST[$name] ) ) {
-		return $_REQUEST[$name];
+	if( isset( $_POST[$name] ) ) {
+		$retval = $_POST[$name];
+		if ( get_magic_quotes_gpc() ) {
+			$retval = stripslashes( $retval );
+		}
 	} else {
-		return $default;
+		$retval = $default;
 	}
+	return $retval;
 }
 
 function aField( &$conf, $field, $text, $type = "", $value = "" ) {