[geeklog-hg] geeklog: $dbconfig_path is not escaped in install. Patch provide...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat Dec 22 05:12:08 EST 2012
changeset 8892:6bde3f6f591f
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/6bde3f6f591f
user: Tom <websitemaster at cogeco.net>
date: Wed Jun 27 09:40:18 2012 -0400
description:
$dbconfig_path is not escaped in install. Patch provided by Mystralkk (bug #0001457)
diffstat:
public_html/admin/install/index.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diffs (12 lines):
diff -r 37211d8b0566 -r 6bde3f6f591f public_html/admin/install/index.php
--- a/public_html/admin/install/index.php Tue Jan 03 10:24:32 2012 -0500
+++ b/public_html/admin/install/index.php Wed Jun 27 09:40:18 2012 -0400
@@ -274,7 +274,7 @@
require_once $_CONF['path_system'] . 'lib-database.php';
$req_string = 'index.php?mode=' . $install_type
- . '&step=3&dbconfig_path=' . $dbconfig_path
+ . '&step=3&dbconfig_path=' . urlencode($dbconfig_path)
. '&install_plugins=' . $install_plugins
. '&language=' . $language
. '&site_name=' . urlencode($site_name)
More information about the geeklog-cvs
mailing list