Escape user-defined values during installation.

master
JustAMacUser 5 years ago
parent 0d467973dc
commit 56e16a8d85

@ -3,12 +3,12 @@
// *** Database configuration (important!) *** // *** Database configuration (important!) ***
// ******************************************* // *******************************************
define('DB_TYPE', "pgsql"); // or mysql define('DB_TYPE', "%DB_TYPE"); // pgsql or mysql
define('DB_HOST', "localhost"); define('DB_HOST', "%DB_HOST");
define('DB_USER', "fox"); define('DB_USER', "%DB_USER");
define('DB_NAME', "fox"); define('DB_NAME', "%DB_NAME");
define('DB_PASS', "XXXXXX"); define('DB_PASS', "%DB_PASS");
define('DB_PORT', ''); // usually 5432 for PostgreSQL, 3306 for MySQL define('DB_PORT', '%DB_PORT'); // usually 5432 for PostgreSQL, 3306 for MySQL
define('MYSQL_CHARSET', 'UTF8'); define('MYSQL_CHARSET', 'UTF8');
// Connection charset for MySQL. If you have a legacy database and/or experience // Connection charset for MySQL. If you have a legacy database and/or experience
@ -18,9 +18,9 @@
// *** Basic settings (important!) *** // *** Basic settings (important!) ***
// *********************************** // ***********************************
define('SELF_URL_PATH', 'https://example.org/tt-rss/'); define('SELF_URL_PATH', '%SELF_URL_PATH');
// This should be set to a fully qualified URL used to access // This should be set to a fully qualified URL used to access
// your tt-rss instance over the net. // your tt-rss instance over the net, such as: https://example.org/tt-rss/
// The value should be a constant string literal. Please don't use // The value should be a constant string literal. Please don't use
// PHP server variables here - you might introduce security // PHP server variables here - you might introduce security
// issues on your install and cause hard to debug problems. // issues on your install and cause hard to debug problems.

@ -151,35 +151,19 @@
function make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS, function make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
$DB_PORT, $SELF_URL_PATH) { $DB_PORT, $SELF_URL_PATH) {
$data = explode("\n", file_get_contents("../config.php-dist")); $rv = file_get_contents("../config.php-dist");
$rv = ""; $settings = [
"%DB_TYPE" => $DB_TYPE == 'pgsql' ? 'pgsql' : 'mysql',
$finished = false; "%DB_HOST" => addslashes($DB_HOST),
"%DB_USER" => addslashes($DB_USER),
foreach ($data as $line) { "%DB_NAME" => addslashes($DB_NAME),
if (preg_match("/define\('DB_TYPE'/", $line)) { "%DB_PASS" => addslashes($DB_PASS),
$rv .= "\tdefine('DB_TYPE', '$DB_TYPE');\n"; "%DB_PORT" => intval($DB_PORT),
} else if (preg_match("/define\('DB_HOST'/", $line)) { "%SELF_URL_PATH" => addslashes($SELF_URL_PATH)
$rv .= "\tdefine('DB_HOST', '$DB_HOST');\n"; ];
} else if (preg_match("/define\('DB_USER'/", $line)) {
$rv .= "\tdefine('DB_USER', '$DB_USER');\n"; $rv = str_replace(array_keys($settings), array_values($settings), $rv);
} else if (preg_match("/define\('DB_NAME'/", $line)) {
$rv .= "\tdefine('DB_NAME', '$DB_NAME');\n";
} else if (preg_match("/define\('DB_PASS'/", $line)) {
$rv .= "\tdefine('DB_PASS', '$DB_PASS');\n";
} else if (preg_match("/define\('DB_PORT'/", $line)) {
$rv .= "\tdefine('DB_PORT', '$DB_PORT');\n";
} else if (preg_match("/define\('SELF_URL_PATH'/", $line)) {
$rv .= "\tdefine('SELF_URL_PATH', '$SELF_URL_PATH');\n";
} else if (!$finished) {
$rv .= "$line\n";
}
if (preg_match("/\?\>/", $line)) {
$finished = true;
}
}
return $rv; return $rv;
} }

Loading…
Cancel
Save