From 67fedede3887d97078862e9b58524dc71162ba24 Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Thu, 23 Oct 2014 15:02:15 -0400 Subject: [PATCH] Fixed: FS#3712 - Client DB credentials not escaped --- install/dist/lib/fedora.lib.php | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index fdfd1a9..5dd1489 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -1292,7 +1292,7 @@ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master"); $content = str_replace('{hostname}', $conf['mysql']['host'], $content); $content = str_replace('{username}', $conf['mysql']['admin_user'], $content); - $content = str_replace('{password}', $conf['mysql']['admin_password'], $content); + $content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content); wf("$install_dir/server/lib/mysql_clientdb.conf", $content); exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf"); exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf"); -- Gitblit v1.9.1