From b61965256e2a7e2e01ccb1b7f42820545a6ae11b Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 5 May 2008 06:48:39 +0000
Subject: [PATCH] Installer: encode special characters in DB username/password
 (#1485042)

---
 CHANGELOG                   | 4 ++++
 installer/rcube_install.php | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 5417a987f..038478325 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
 
+2008/05/05 (alec)
+----------
+- Installer: encode special characters in DB username/password (#1485042)
+
 2008/05/02 (alec)
 ----------
 - Updated MDB2 package to version 2.5.0b1
diff --git a/installer/rcube_install.php b/installer/rcube_install.php
index c4704a3a8..024046755 100644
--- a/installer/rcube_install.php
+++ b/installer/rcube_install.php
@@ -137,7 +137,9 @@ class rcube_install
         if ($_POST['_dbtype'] == 'sqlite')
           $value = sprintf('%s://%s?mode=0646', $_POST['_dbtype'], $_POST['_dbname']{0} == '/' ? '/' . $_POST['_dbname'] : $_POST['_dbname']);
         else
-          $value = sprintf('%s://%s:%s@%s/%s', $_POST['_dbtype'], $_POST['_dbuser'], $_POST['_dbpass'], $_POST['_dbhost'], $_POST['_dbname']);
+          $value = sprintf('%s://%s:%s@%s/%s', $_POST['_dbtype'], 
+		    rawurlencode($_POST['_dbuser']), rawurlencode($_POST['_dbpass']),
+		    $_POST['_dbhost'], $_POST['_dbname']);
       }
       else if ($prop == 'smtp_auth_type' && $value == '0') {
         $value = '';