From 67fedede3887d97078862e9b58524dc71162ba24 Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Thu, 23 Oct 2014 15:02:15 -0400 Subject: [PATCH] Fixed: FS#3712 - Client DB credentials not escaped --- install/lib/installer_base.lib.php | 2 +- install/dist/lib/fedora.lib.php | 2 +- install/dist/lib/opensuse.lib.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index fdfd1a9..5dd1489 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -1292,7 +1292,7 @@ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master"); $content = str_replace('{hostname}', $conf['mysql']['host'], $content); $content = str_replace('{username}', $conf['mysql']['admin_user'], $content); - $content = str_replace('{password}', $conf['mysql']['admin_password'], $content); + $content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content); wf("$install_dir/server/lib/mysql_clientdb.conf", $content); exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf"); exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf"); diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 6f08073..0019f34 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -1366,7 +1366,7 @@ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master"); $content = str_replace('{hostname}', $conf['mysql']['host'], $content); $content = str_replace('{username}', $conf['mysql']['admin_user'], $content); - $content = str_replace('{password}', $conf['mysql']['admin_password'], $content); + $content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content); wf("$install_dir/server/lib/mysql_clientdb.conf", $content); exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf"); exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf"); diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index f0a35f1..938f8c3 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -2218,7 +2218,7 @@ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master'); $content = str_replace('{hostname}', $conf['mysql']['host'], $content); $content = str_replace('{username}', $conf['mysql']['admin_user'], $content); - $content = str_replace('{password}', $conf['mysql']['admin_password'], $content); + $content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content); wf($install_dir.'/server/lib/mysql_clientdb.conf', $content); chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600); chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root'); -- Gitblit v1.9.1