[geeklog-cvs] geeklog: Prevent XSS in the install script (reported independent...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Jun 7 12:09:08 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/ac040e7736bf
changeset: 7084:ac040e7736bf
user: Dirk Haun <dirk at haun-online.de>
date: Sun Jun 07 10:14:11 2009 +0200
description:
Prevent XSS in the install script (reported independently by Nemesis and MaXe)
diffstat:
public_html/admin/install/index.php | 87 ++++++++++++++--------------
public_html/admin/install/install-plugins.php | 5 +-
public_html/admin/install/lib-install.php | 18 ++++++
public_html/admin/install/migrate.php | 19 +++---
public_html/docs/history | 2 +
5 files changed, 77 insertions(+), 54 deletions(-)
diffs (truncated from 340 to 300 lines):
diff -r c68579cefb03 -r ac040e7736bf public_html/admin/install/index.php
--- a/public_html/admin/install/index.php Sat Jun 06 14:43:42 2009 +0200
+++ b/public_html/admin/install/index.php Sun Jun 07 10:14:11 2009 +0200
@@ -69,7 +69,7 @@
}
}
- $display .= '<h1 class="heading">' . $LANG_INSTALL[101] . ' ' . $_REQUEST['display_step'] . ' - ' . $LANG_INSTALL[102] . '</h1>' . LB;
+ $display .= '<h1 class="heading">' . $LANG_INSTALL[101] . ' ' . htmlspecialchars($_REQUEST['display_step']) . ' - ' . $LANG_INSTALL[102] . '</h1>' . LB;
// Set all the form values either with their defaults or with received POST data.
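Review bot: The step counter on the new line is escaped rather than cast: `$_REQUEST['display_step']` is emitted as a string, yet a later hunk increments a `$display_step` variable (`$display_step+1`), which suggests the value is meant to be numeric, so `(int) $_REQUEST['display_step']` would neutralise markup and reject non-numeric input at the same time; the hidden fields at the two later `display_step` lines in this file use the same escape-only pattern. Whether `display_step` is guaranteed present before this read (an `isset` guard) cannot be seen from the hunk. The enclosing block starts outside the hunk.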
@@ -149,30 +149,30 @@
$display .= '<h2>' . $LANG_INSTALL[31] . '</h2>
<form action="index.php" method="post" name="install">
- <input type="hidden" name="mode" value="' . $install_type . '"' . XHTML . '>
+ <input type="hidden" name="mode" value="' . htmlspecialchars($install_type) . '"' . XHTML . '>
<input type="hidden" name="step" value="2"' . XHTML . '>
- <input type="hidden" name="display_step" value="' . $_REQUEST['display_step'] . '"' . XHTML . '>
+ <input type="hidden" name="display_step" value="' . htmlspecialchars($_REQUEST['display_step']) . '"' . XHTML . '>
<input type="hidden" name="language" value="' . $language . '"' . XHTML . '>
- <input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>
+ <input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[32] . ' ' . INST_helpLink('site_name') . '</label> <input type="text" name="site_name" value="' . $site_name . '" size="40"' . XHTML . '></p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[33] . ' ' . INST_helpLink('site_slogan') . '</label> <input type="text" name="site_slogan" value="' . $site_slogan . '" size="40"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[32] . ' ' . INST_helpLink('site_name') . '</label> <input type="text" name="site_name" value="' . htmlspecialchars($site_name) . '" size="40"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[33] . ' ' . INST_helpLink('site_slogan') . '</label> <input type="text" name="site_slogan" value="' . htmlspecialchars($site_slogan) . '" size="40"' . XHTML . '></p>
<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[34] . ' ' . INST_helpLink('db_type') . '</label> <select name="db_type">
<option value="mysql"' . $mysql_selected . '>' . $LANG_INSTALL[35] . '</option>
' . ($install_type == 'install' ? '<option value="mysql-innodb"' . $mysql_innodb_selected . '>' . $LANG_INSTALL[36] . '</option>' : '') . '
<option value="mssql"' . $mssql_selected . '>' . $LANG_INSTALL[37] . '</option></select> ' . '</p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[39] . ' ' . INST_helpLink('db_host') . '</label> <input type="text" name="db_host" value="'. $db_host .'" size="20"' . XHTML . '></p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[40] . ' ' . INST_helpLink('db_name') . '</label> <input type="text" name="db_name" value="'. $db_name . '" size="20"' . XHTML . '></p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[41] . ' ' . INST_helpLink('db_user') . '</label> <input type="text" name="db_user" value="' . $db_user . '" size="20"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[39] . ' ' . INST_helpLink('db_host') . '</label> <input type="text" name="db_host" value="'. htmlspecialchars($db_host) .'" size="20"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[40] . ' ' . INST_helpLink('db_name') . '</label> <input type="text" name="db_name" value="'. htmlspecialchars($db_name) . '" size="20"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[41] . ' ' . INST_helpLink('db_user') . '</label> <input type="text" name="db_user" value="' . htmlspecialchars($db_user) . '" size="20"' . XHTML . '></p>
<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[42] . ' ' . INST_helpLink('db_pass') . '</label> <input type="password" name="db_pass" value="' . $db_pass . '" size="20"' . XHTML . '></p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[43] . ' ' . INST_helpLink('db_prefix') . '</label> <input type="text" name="db_prefix" value="' . $db_prefix . '" size="20"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[43] . ' ' . INST_helpLink('db_prefix') . '</label> <input type="text" name="db_prefix" value="' . htmlspecialchars($db_prefix) . '" size="20"' . XHTML . '></p>
<br' . XHTML . '>
<h2>' . $LANG_INSTALL[44] . '</h2>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[45] . ' ' . INST_helpLink('site_url') . '</label> <input type="text" name="site_url" value="' . $site_url . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[47] . ' ' . INST_helpLink('site_admin_url') . '</label> <input type="text" name="site_admin_url" value="' . $site_admin_url . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[48] . ' ' . INST_helpLink('site_mail') . '</label> <input type="text" name="site_mail" value="' . $site_mail . '" size="50"' . XHTML . '></p>
- <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[49] . ' ' . INST_helpLink('noreply_mail') . '</label> <input type="text" name="noreply_mail" value="' . $noreply_mail . '" size="50"' . XHTML . '></p>';
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[45] . ' ' . INST_helpLink('site_url') . '</label> <input type="text" name="site_url" value="' . htmlspecialchars($site_url) . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[47] . ' ' . INST_helpLink('site_admin_url') . '</label> <input type="text" name="site_admin_url" value="' . htmlspecialchars($site_admin_url) . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[48] . ' ' . INST_helpLink('site_mail') . '</label> <input type="text" name="site_mail" value="' . htmlspecialchars($site_mail) . '" size="50"' . XHTML . '></p>
+ <p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[49] . ' ' . INST_helpLink('noreply_mail') . '</label> <input type="text" name="noreply_mail" value="' . htmlspecialchars($noreply_mail) . '" size="50"' . XHTML . '></p>';
if ($install_type == 'install') {
$display .= '
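Review bot: `$db_pass` on the `type="password"` input in this hunk is still interpolated raw into its `value` attribute, while every neighbouring field in the same form now goes through `htmlspecialchars()`; it is user-supplied form data like the others and should read `value="' . htmlspecialchars($db_pass) . '"`. `$language` in the hidden field above it is also emitted unescaped; if it is not restricted to a known set of language codes before this point (that check, if any, is outside the hunk), it needs the same treatment. The `$display .= '<h2>...` statement continues past the hunk.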
@@ -244,7 +244,7 @@
// Write the database info to db-config.php
if (!INST_writeConfig($dbconfig_path, $DB)) {
- exit($LANG_INSTALL[26] . ' ' . $dbconfig_path
+ exit($LANG_INSTALL[26] . ' ' . htmlspecialchars($dbconfig_path)
. $LANG_INSTALL[58]);
}
@@ -281,7 +281,7 @@
case 'install':
$hidden_fields = '<input type="hidden" name="mode" value="' . $install_type . '"' . XHTML . '>
<input type="hidden" name="language" value="' . $language . '"' . XHTML . '>
- <input type="hidden" name="dbconfig_path" value="' . urlencode($dbconfig_path) . '"' . XHTML . '>
+ <input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>
<input type="hidden" name="site_name" value="' . urlencode($site_name) . '"' . XHTML . '>
<input type="hidden" name="site_slogan" value="' . urlencode($site_slogan) . '"' . XHTML . '>
<input type="hidden" name="site_url" value="' . urlencode($site_url) . '"' . XHTML . '>
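Review bot: `$install_type` on the first hidden field of this hunk is emitted unescaped, whereas the same value is wrapped in `htmlspecialchars()` in the step-1 form earlier in this commit; it should match, `value="' . htmlspecialchars($install_type) . '"`. The sibling fields still use `urlencode()`, which keeps the attribute intact only as a side effect and alters the submitted value (spaces become `+`), so whatever step receives them has to `urldecode()`; `dbconfig_path` here switched from `urlencode()` to `htmlspecialchars()`, and the `check_permissions` and `write_paths` cases in later hunks still `urldecode()` that parameter, so if this form feeds either of them a path containing `%` or `+` will now be mangled. Which form those cases read cannot be told from the hunk.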
@@ -348,7 +348,7 @@
<form action="index.php" method="post">
<input type="hidden" name="mode" value="upgrade"' . XHTML . '>
<input type="hidden" name="step" value="3"' . XHTML . '>
- <input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>
+ <input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>
<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[89] . '</label> <select name="version">';
$tmp_counter = 0;
$ver_selected = '';
@@ -426,7 +426,7 @@
<input type="hidden" name="mode" value="install"' . XHTML . '>
<input type="hidden" name="step" value="3"' . XHTML . '>
<input type="hidden" value="' . $language . '"' . XHTML . '>
- <input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>
+ <input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>
<input type="hidden" name="innodb" value="' . (($use_innodb) ? 'true' : 'false') . '"' . XHTML . '>
<input type="hidden" name="install_plugins" value="' . $install_plugins . '"' . XHTML . '>
<input type="submit" class="button big-button" value="' . $LANG_INSTALL[66] . '"' . XHTML . '>
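Review bot: The hidden input on the third line of this hunk, `<input type="hidden" value="' . $language . '"`, has no `name` attribute, so the browser never submits it and the language choice is dropped on this step; it presumably should be `name="language"` like the equivalent field in the other forms of this file. This is a context line rather than new code, but it sits in the same form the commit touches. `$install_plugins` in the same form is also interpolated raw; unless it is a fixed boolean string like the `innodb` field next to it, it needs `htmlspecialchars()` too.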
@@ -437,7 +437,7 @@
<form action="index.php" method="post">
<input type="hidden" name="mode" value="upgrade"' . XHTML . '>
<input type="hidden" name="language" value="' . $language . '"' . XHTML . '>
- <input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>
+ <input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>
<input type="submit" class="button big-button" value="' . $LANG_INSTALL[25] . '"' . XHTML . '>
</form>
</div>
@@ -703,22 +703,22 @@
$display = '
<form action="index.php" method="post">
- <input type="hidden" name="mode" value="' . $mode . '"' . XHTML . '>
+ <input type="hidden" name="mode" value="' . htmlspecialchars($mode) . '"' . XHTML . '>
<input type="hidden" name="step" value="1"' . XHTML . '>
- <input type="hidden" name="display_step" value="' . $_REQUEST['display_step'] . '"' . XHTML . '>
- <input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>
+ <input type="hidden" name="display_step" value="' . htmlspecialchars($_REQUEST['display_step']) . '"' . XHTML . '>
+ <input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>
<input type="hidden" name="language" value="' . $language . '"' . XHTML . '>
- <input type="hidden" name="site_name" value="' . $post_data['site_name'] . '"' . XHTML . '>
- <input type="hidden" name="site_slogan" value="' . $post_data['site_slogan'] . '"' . XHTML . '>
- <input type="hidden" name="db_type" value="' . $post_data['db_type'] . '"' . XHTML . '>
- <input type="hidden" name="db_host" value="' . $post_data['db_host'] . '"' . XHTML . '>
- <input type="hidden" name="db_name" value="' . $post_data['db_name'] . '"' . XHTML . '>
- <input type="hidden" name="db_user" value="' . $post_data['db_user'] . '"' . XHTML . '>
- <input type="hidden" name="db_prefix" value="' . $post_data['db_prefix'] . '"' . XHTML . '>
- <input type="hidden" name="site_url" value="' . $post_data['site_url'] . '"' . XHTML . '>
- <input type="hidden" name="site_admin_url" value="' . $post_data['site_admin_url'] . '"' . XHTML . '>
- <input type="hidden" name="site_mail" value="' . $post_data['site_mail'] . '"' . XHTML . '>
- <input type="hidden" name="noreply_mail" value="' . $post_data['noreply_mail'] . '"' . XHTML . '>
+ <input type="hidden" name="site_name" value="' . htmlspecialchars($post_data['site_name']) . '"' . XHTML . '>
+ <input type="hidden" name="site_slogan" value="' . htmlspecialchars($post_data['site_slogan']) . '"' . XHTML . '>
+ <input type="hidden" name="db_type" value="' . htmlspecialchars($post_data['db_type']) . '"' . XHTML . '>
+ <input type="hidden" name="db_host" value="' . htmlspecialchars($post_data['db_host']) . '"' . XHTML . '>
+ <input type="hidden" name="db_name" value="' . htmlspecialchars($post_data['db_name']) . '"' . XHTML . '>
+ <input type="hidden" name="db_user" value="' . htmlspecialchars($post_data['db_user']) . '"' . XHTML . '>
+ <input type="hidden" name="db_prefix" value="' . htmlspecialchars($post_data['db_prefix']) . '"' . XHTML . '>
+ <input type="hidden" name="site_url" value="' . htmlspecialchars($post_data['site_url']) . '"' . XHTML . '>
+ <input type="hidden" name="site_admin_url" value="' . htmlspecialchars($post_data['site_admin_url']) . '"' . XHTML . '>
+ <input type="hidden" name="site_mail" value="' . htmlspecialchars($post_data['site_mail']) . '"' . XHTML . '>
+ <input type="hidden" name="noreply_mail" value="' . htmlspecialchars($post_data['noreply_mail']) . '"' . XHTML . '>
<p align="center"><input type="submit" class="button big-button" value="<< ' . $LANG_INSTALL[61] . '"' . XHTML . '></p>
</form>';
@@ -881,6 +881,7 @@
$html_path = INST_getHtmlPath();
$siteconfig_path = '../../siteconfig.php';
$dbconfig_path = (isset($_POST['dbconfig_path'])) ? $_POST['dbconfig_path'] : ((isset($_GET['dbconfig_path'])) ? $_GET['dbconfig_path'] : '');
+$dbconfig_path = INST_sanitizePath($dbconfig_path);
$step = isset($_GET['step']) ? $_GET['step'] : (isset($_POST['step']) ? $_POST['step'] : 1);
$mode = isset($_GET['mode']) ? $_GET['mode'] : (isset($_POST['mode']) ? $_POST['mode'] : '');
@@ -919,12 +920,13 @@
$_PATH = array('dbconfig', 'public_html');
if (isset($_GET['mode']) || isset($_POST['mode'])) {
$value = (isset($_POST['mode'])) ? $_POST['mode'] : $_GET['mode'];
- $display .= '<input type="hidden" name="mode" value="' . $value . '"' . XHTML . '>' . LB;
+ $display .= '<input type="hidden" name="mode" value="' . htmlspecialchars($value) . '"' . XHTML . '>' . LB;
}
foreach ($_PATH as $name) {
if (isset($_GET[$name . '_path']) || isset($_POST[$name . '_path'])) {
$value = (isset($_POST[$name . '_path'])) ? $_POST[$name . '_path'] : $_GET[$name . '_path'];
- $display .= '<input type="hidden" name="' . $name .'_path" value="' . $value . '"' . XHTML . '>' . LB;
+ $value = INST_sanitizePath($value);
+ $display .= '<input type="hidden" name="' . $name .'_path" value="' . htmlspecialchars($value) . '"' . XHTML . '>' . LB;
}
}
@@ -980,7 +982,7 @@
// or in public_html have the user enter its location.
$form_fields .= '<p><label class="' . $form_label_dir . '"><code>db-config.php</code></label> ' . LB
. '<input type="text" name="dbconfig_path" value="/path/to/'
- . $dbconfig_file . '" size="50"' . XHTML . '></p>' . LB;
+ . htmlspecialchar($dbconfig_file) . '" size="50"' . XHTML . '></p>' . LB;
$num_errors++;
} else {
// See whether the file/directory is located in the default place or in public_html
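Review bot: `htmlspecialchar($dbconfig_file)` on the new line is missing the trailing `s`; PHP has no function by that name, so reaching this branch (db-config.php not found in the expected place) aborts with an undefined-function fatal error instead of showing the prompt for its location. The line should read `. htmlspecialchars($dbconfig_file) . '" size="50"' . XHTML . '></p>' . LB;`. The surrounding `if`/`else` starts and ends outside the hunk.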
@@ -1020,8 +1022,7 @@
case 'check_permissions':
// Get the paths from the previous page
- $_PATH = array('db-config.php' => urldecode(isset($_GET['dbconfig_path'])
- ? $_GET['dbconfig_path'] : $_POST['dbconfig_path']),
+ $_PATH = array('db-config.php' => INST_sanitizePath(urldecode(isset($_GET['dbconfig_path']) ? $_GET['dbconfig_path'] : $_POST['dbconfig_path'])),
'public_html/' => INST_getHtmlPath());
// Be fault tolerant with the path the user enters
@@ -1038,7 +1039,7 @@
if (!file_exists($_PATH['db-config.php'])) {
$display .= '<h1 class="heading">' . $LANG_INSTALL[3] . '</h1>' . LB
. '<p><span class="error">' . $LANG_INSTALL[38] . '</span>' . LB
- . $LANG_INSTALL[84] . '<code>' . $_PATH['db-config.php'] . '</code>' . $LANG_INSTALL[85] . LB
+ . $LANG_INSTALL[84] . '<code>' . htmlspecialchars($_PATH['db-config.php']) . '</code>' . $LANG_INSTALL[85] . LB
. '</p>' . LB
. '<div style="margin-left: auto; margin-right: auto; width: 1px">' . LB
. '<form action="index.php" method="post">' . LB
@@ -1149,8 +1150,8 @@
$upgr_class = ($LANG_DIRECTION == 'rtl') ? 'upgrade-rtl' : 'upgrade' ;
$display .= '<h1 class="heading">' . $LANG_INSTALL[101] . ' ' . $display_step . ' - ' . $LANG_INSTALL[23] . '</h1>' . LB
. '<p><form action="index.php" method="GET">' . LB
- . '<input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>' . LB
- . '<input type="hidden" name="mode" value="' . $mode . '"' . XHTML . '>' . LB
+ . '<input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>' . LB
+ . '<input type="hidden" name="mode" value="' . htmlspecialchars($mode) . '"' . XHTML . '>' . LB
. '<input type="hidden" name="language" value="' . $language . '"' . XHTML . '>' . LB
. '<input type="hidden" name="display_step" value="' . ($display_step+1) . '"' . XHTML . '>' . LB
. '<input type="submit" name="install_type" class="button big-button" value="' . $LANG_INSTALL[24] . '"' . XHTML .'>' . LB
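Review bot: `$display_step` in the `<h1>` on the second line of this hunk is still interpolated raw, while the equivalent heading near the top of the file now escapes `$_REQUEST['display_step']`; unless `$display_step` is cast to an integer where it is assigned (not visible here), it should be cast or escaped on output, e.g. `' ' . (int) $display_step . ' - '`. The `($display_step+1)` on the hidden field indicates an integer is expected, which makes the cast the more accurate fix. The `$display .=` statement continues past the hunk.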
@@ -1167,8 +1168,8 @@
case 'write_paths':
// Get the paths from the previous page
- $_PATH = array('db-config.php' => urldecode($_REQUEST['dbconfig_path']),
- 'public_html/' => urldecode($_REQUEST['public_html_path']));
+ $_PATH = array('db-config.php' => INST_sanitizePath(urldecode($_REQUEST['dbconfig_path'])),
+ 'public_html/' => INST_sanitizePath(urldecode($_REQUEST['public_html_path'])));
$dbconfig_path = str_replace('db-config.php', '', $_PATH['db-config.php']);
// Edit siteconfig.php and enter the correct GL path and system directory path
diff -r c68579cefb03 -r ac040e7736bf public_html/admin/install/install-plugins.php
--- a/public_html/admin/install/install-plugins.php Sat Jun 06 14:43:42 2009 +0200
+++ b/public_html/admin/install/install-plugins.php Sun Jun 07 10:14:11 2009 +0200
@@ -63,8 +63,9 @@
}
-$dbconfig_path = (isset($_REQUEST['dbconfig_path'])) ? $_REQUEST['dbconfig_path'] : $gl_path . '/db-config.php';
-$step = (isset($_REQUEST['step'])) ? $_REQUEST['step'] : 1;
+$dbconfig_path = (isset($_POST['dbconfig_path'])) ? $_POST['dbconfig_path'] : ((isset($_GET['dbconfig_path'])) ? $_GET['dbconfig_path'] : $gl_path . '/db-config.php');
+$dbconfig_path = INST_sanitizePath($dbconfig_path);
+tep = isset($_GET['step']) ? $_GET['step'] : (isset($_POST['step']) ? $_POST['step'] : 1);
// $display holds all the outputted HTML and content
$display = INST_getHeader($LANG_PLUGINS[2] . ' 3 - ' . $LANG_PLUGINS[1]); // Grab the beginning HTML for the installer theme.
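Review bot: The third added line reads `tep = isset($_GET['step']) ...` — the leading `$s` of `$step` is missing, which is a parse error that breaks install-plugins.php entirely, unless it is an artefact of the mail archive, which cannot be told from here. The corresponding line in migrate.php in this same commit is intact: `$step = isset($_GET['step']) ? $_GET['step'] : (isset($_POST['step']) ? $_POST['step'] : 1);`. Since `$step` selects a numbered installer step, casting it with `(int)` at this point would also remove any need to escape it downstream.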
diff -r c68579cefb03 -r ac040e7736bf public_html/admin/install/lib-install.php
--- a/public_html/admin/install/lib-install.php Sat Jun 06 14:43:42 2009 +0200
+++ b/public_html/admin/install/lib-install.php Sun Jun 07 10:14:11 2009 +0200
@@ -65,6 +65,8 @@
define('SUPPORTED_PHP_VER', '4.3.0');
}
+$_REQUEST = array_merge($_GET, $_POST);
+
if (empty($LANG_DIRECTION)) {
$LANG_DIRECTION = 'ltr';
}
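Review bot: The new `$_REQUEST = array_merge($_GET, $_POST);` replaces a superglobal with no comment recording why, and `array_merge()` renumbers integer keys, so any numerically named parameter would change key under it. What the line visibly does is make POST override GET and leave cookies out, consistent with the `isset($_POST[...]) ? $_POST[...] : $_GET[...]` pattern the entry scripts use; a comment such as `// Rebuild $_REQUEST from GET and POST only (POST wins) so installer parameters never come from cookies and precedence does not depend on request_order` would capture that intent, which is inferred and should be confirmed. lib-install.php otherwise declares functions, so this is a side effect in a library file; the entry scripts that already select between `$_GET` and `$_POST` would be the more natural home.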
@@ -1149,4 +1151,20 @@
DB_change($_TABLES['vars'], 'value', $version, 'name', 'database_version');
}
+/**
+* Filter path value for junk and injections
+*
+* @param string $path a path on the file system
+* @return string filtered path value
+*
+*/
+function INST_sanitizePath($path)
+{
+ $path = strip_tags($path);
+ $path = str_replace(array('"', "'"), '', $path);
+ $path = str_replace('..', '', $path);
+
+ return $path;
+}
+
?>
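Review bot: `INST_sanitizePath()` removes tags, quotes and `..` but not NUL bytes, which file-system functions on the PHP versions this installer targets (`SUPPORTED_PHP_VER` is 4.3.0 above) treat as a string terminator, so `$path = str_replace("\0", '', $path);` belongs in the same list; its output is later handed to `file_exists()` and `INST_writeConfig()` in index.php, so this stays a denylist rather than a positive check that the result names the expected file. The docblock should state what callers may rely on, e.g. `@return string the path with HTML tags, quotes, NUL bytes and every ".." sequence removed (not normalised; may still be absolute)`. The trailing `?>` on the last line can be dropped to avoid stray whitespace output when the file is included.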
diff -r c68579cefb03 -r ac040e7736bf public_html/admin/install/migrate.php
--- a/public_html/admin/install/migrate.php Sat Jun 06 14:43:42 2009 +0200
+++ b/public_html/admin/install/migrate.php Sun Jun 07 10:14:11 2009 +0200
@@ -246,8 +246,9 @@
}
-$dbconfig_path = (isset($_REQUEST['dbconfig_path'])) ? $_REQUEST['dbconfig_path'] : $gl_path . '/db-config.php';
-$step = (isset($_REQUEST['step'])) ? $_REQUEST['step'] : 1;
+$dbconfig_path = (isset($_POST['dbconfig_path'])) ? $_POST['dbconfig_path'] : ((isset($_GET['dbconfig_path'])) ? $_GET['dbconfig_path'] : $gl_path . '/db-config.php');
+$dbconfig_path = INST_sanitizePath($dbconfig_path);
+$step = isset($_GET['step']) ? $_GET['step'] : (isset($_POST['step']) ? $_POST['step'] : 1);
$backup_dir = $_CONF['path'] . 'backups/';
// $display holds all the outputted HTML and content
@@ -313,7 +314,7 @@
. '<form action="migrate.php" method="post" name="migrate" enctype="multipart/form-data">' . LB
. '<input type="hidden" name="step" value="2"' . XHTML . '>' . LB
. '<input type="hidden" name="language" value="' . $language . '"' . XHTML . '>' . LB
- . '<input type="hidden" name="dbconfig_path" value="' . $dbconfig_path . '"' . XHTML . '>' . LB
+ . '<input type="hidden" name="dbconfig_path" value="' . htmlspecialchars($dbconfig_path) . '"' . XHTML . '>' . LB
. '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[34] . ' ' . INST_helpLink('db_type') . '</label> <select name="db[type]">' . LB
. '<option value="mysql">' . $LANG_INSTALL[35] . '</option>' . LB
. '</select></p>' . LB
@@ -321,8 +322,8 @@
. '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[40] . ' ' . INST_helpLink('db_name') . '</label> <input type="text" name="db[name]" value="' . $_FORM['name'] . '" size="20"' . XHTML . '></p>' . LB
. '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[41] . ' ' . INST_helpLink('db_user') . '</label> <input type="text" name="db[user]" value="' . $_FORM['user'] . '" size="20"' . XHTML . '></p>' . LB
. '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[42] . ' ' . INST_helpLink('db_pass') . '</label> <input type="password" name="db[pass]" value="' . $_FORM['pass'] . '" size="20"' . XHTML . '></p>' . LB
- . '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[45] . ' ' . INST_helpLink('site_url') . '</label> <input type="text" name="site_url" value="' . $site_url . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>' . LB
- . '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[47] . ' ' . INST_helpLink('site_admin_url') . '</label> <input type="text" name="site_admin_url" value="' . $site_admin_url . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>' . LB;
+ . '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[45] . ' ' . INST_helpLink('site_url') . '</label> <input type="text" name="site_url" value="' . htmlspecialchars($site_url) . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>' . LB
+ . '<p><label class="' . $form_label_dir . '">' . $LANG_INSTALL[47] . ' ' . INST_helpLink('site_admin_url') . '</label> <input type="text" name="site_admin_url" value="' . htmlspecialchars($site_admin_url) . '" size="50"' . XHTML . '> ' . $LANG_INSTALL[46] . '</p>' . LB;
// Identify the backup files in backups/ and order them newest to oldest
$sql_files = glob($backup_dir . '*.sql');
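Review bot: `$_FORM['name']`, `$_FORM['user']` and `$_FORM['pass']` on the three context lines at the top of this hunk are still written raw into `value` attributes, while `site_url` and `site_admin_url` directly below them now go through `htmlspecialchars()`; where `$_FORM` is populated from the request (its source is outside the hunk), those three need the same escaping, e.g. `value="' . htmlspecialchars($_FORM['user']) . '"`. The `$display .=` statement begins before the hunk.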
@@ -492,12 +493,12 @@
if (isset($_REQUEST['db'])) {
// Write the database info to db-config.php
- if (!INST_writeConfig($_REQUEST['dbconfig_path'], $DB)) {