# HG changeset patch
# User Dan
# Date 1194365418 18000
# Node ID 0f1b353570a70d26206267d593a5cdfdb03d813b
# Parent a78537db2850ba2f7eff5b651c60a26697728d1b
Fix a comparison logic SQL error in lang.php; fix attempt to call mysql_real_escape_string() in install without a working DB connection
diff -r a78537db2850 -r 0f1b353570a7 includes/lang.php
--- a/includes/lang.php Tue Nov 06 10:53:33 2007 -0500
+++ b/includes/lang.php Tue Nov 06 11:10:18 2007 -0500
@@ -88,7 +88,7 @@
 $db->_die('lang.php - attempting to pass invalid value to constructor');
 }
- $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : 'def';
+ $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : '\'def\'';
 $q = $db->sql_query("SELECT lang_id, lang_code, last_changed, ( lang_id = $lang_default ) AS is_default FROM " . table_prefix . "language WHERE $sql_col OR lang_id = $lang_default ORDER BY is_default DESC LIMIT 1;");
 if ( !$q )
diff -r a78537db2850 -r 0f1b353570a7 install.php
--- a/install.php Tue Nov 06 10:53:33 2007 -0500
+++ b/install.php Tue Nov 06 11:10:18 2007 -0500
@@ -179,12 +179,16 @@
 if ( $act_get ) return $conn;
- $db_user = mysql_real_escape_string($_POST['db_user']);
- $db_pass = mysql_real_escape_string($_POST['db_pass']);
- $db_name = mysql_real_escape_string($_POST['db_name']);
+ $db_user =& $_POST['db_user'];
+ $db_pass =& $_POST['db_pass'];
+ $db_name =& $_POST['db_name'];
 if ( !preg_match('/^[a-z0-9_]+$/', $db_name) )
- die("
SECURITY: malformed database name
");
+ {
+ die('' . htmlspecialchars(print_r($_POST, true)) . '');
+ $db_name = htmlspecialchars($db_name);
+ die("
SECURITY: malformed database name \"$db_name\"
");
+ }
 // First, try to connect using the normal credentials
 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
@@ -199,6 +203,9 @@
 // Couldn't connect using either set of credentials. Bail out.
 return false;
 }
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
 // Create the user account
 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
 if ( !$q )
@@ -248,6 +255,9 @@
 // this really should never fail, so don't give any tolerance to it
 return false;
 }
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
 // we're in with root rights; grant access to the database
 $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root);
 if ( !$q )
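Review bot: The first added `die('' . htmlspecialchars(print_r($_POST, true)) . '');` in the malformed-name branch of install.php (@@ -179 hunk) looks like leftover debugging: it echoes the entire POST body, including `db_pass` and presumably any other credential fields the installer form submits, into the response, and it makes the two added lines after it unreachable. Removing it leaves the intended `$db_name = htmlspecialchars($db_name);` followed by the error message that names the rejected value. With the escape call gone, the pattern is the only guard on `$db_name` before the `GRANT ... ON $db_name.*` query in the last hunk, and `$` also matches before a trailing newline, so `'/^[a-z0-9_]+\z/'` is the tighter check. The `=&` bindings into `$_POST` are what force the `unset()` calls in the two later hunks; plain assignments would remove that coupling. The enclosing function begins and ends outside this hunk.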
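Review bot: The re-added `mysql_real_escape_string()` calls in the @@ -199 hunk of install.php, and the identical ones in the @@ -248 hunk, omit the link argument, so the escaping follows whichever connection PHP opened last rather than the one the GRANT is sent on. Passing the link makes that explicit and ties the escaping to that connection's character set: `$db_user = mysql_real_escape_string($_POST['db_user'], $conn_root);`, and the same for `$db_pass`. The function returns false on error, and that result is not checked before the value is placed inside the quoted GRANT string. Both surrounding function bodies continue outside the hunks shown.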