From e91729b46fe9a9f4058a2f118c61a652b3949e3e Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 5 Aug 2004 07:14:36 +0000
Subject: [PATCH] Fix for [ 988901 ] (install) database password not escaped in
 LocalSettings.php

addslashes() is not quite correct for PHP double-quoted string literals.
Created an escapePhpString() function which should cover the right bits.
See http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double
---
 config/index.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/config/index.php b/config/index.php
index eafe930110..e6fb49cf68 100644
--- a/config/index.php
+++ b/config/index.php
@@ -731,6 +731,18 @@ function writeAdminSettings( $conf ) {
 ";
 }
 
+function escapePhpString( $string ) {
+	return strtr( $string,
+		array(
+			"\n" => "\\n",
+			"\r" => "\\r",
+			"\t" => "\\t",
+			"\\" => "\\\\",
+			"\$" => "\\\$",
+			"\"" => "\\\""
+		));
+}
+
 function writeLocalSettings( $conf ) {
 	$conf->DBmysql4 = @$conf->DBmysql4 ? 'true' : 'false';
 	$conf->UseImageResize = $conf->UseImageResize ? 'true' : 'false';
@@ -761,7 +773,7 @@ function writeLocalSettings( $conf ) {
 	}
 
 	# Add slashes to strings for double quoting
-	$slconf = array_map( "addslashes", get_object_vars( $conf ) );
+	$slconf = array_map( "escapePhpString", get_object_vars( $conf ) );
 
 
 	$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
-- 
2.20.1