From 67fedede3887d97078862e9b58524dc71162ba24 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 23 Oct 2014 15:02:15 -0400
Subject: [PATCH] Fixed: FS#3712 - Client DB credentials not escaped

---
 install/lib/installer_base.lib.php |    2 +-
 install/dist/lib/fedora.lib.php    |    2 +-
 install/dist/lib/opensuse.lib.php  |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index fdfd1a9..5dd1489 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -1292,7 +1292,7 @@
 		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
 		$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
 		$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
-		$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
+		$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
 		wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
 		exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
 		exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 6f08073..0019f34 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -1366,7 +1366,7 @@
 		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
 		$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
 		$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
-		$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
+		$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
 		wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
 		exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
 		exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index f0a35f1..938f8c3 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2218,7 +2218,7 @@
 		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
 		$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
 		$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
-		$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
+		$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
 		wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
 		chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
 		chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');

--
Gitblit v1.9.1