Merge pull request #14 from int2001/db_cfg_sanit

Escape escape-char, too. rmvd warning (since \ should be possible now)

Author: HB9HIL

install/includes/core_class.php

@@ -118,7 +118,8 @@ function write_config($data)
 		$database_file = file_get_contents($template_path);
 
 		// Sanitize DB Password from single quotes
-		$sanitized_db_pwd = preg_replace("/\'/i",'\\\'',$data['db_password']);
+		$sanitized_db_pwd = preg_replace("/\\\\/i",'\\\\\\\\',$data['db_password']);       // Escape the Escape char ( '\' becomes '\\' )
+		$sanitized_db_pwd = preg_replace("/\'/i",'\\\\\'',$sanitized_db_pwd);  // Escape the ' ( ' becomes \' )
 
 		$new  = str_replace("%HOSTNAME%", $data['db_hostname'], $database_file);
 		$new  = str_replace("%USERNAME%", $data['db_username'], $new);

install/index.php

@@ -1108,12 +1108,6 @@ function db_connection_test() {
 					return;
 				}
 
-				if (db_hostname.includes('\\') || db_username.includes('\\') || db_password.includes('\\') || db_name.includes('\\')) {
-					$('#db_connection_testresult').addClass('alert-danger');
-					$('#db_connection_testresult').html('Error: Input cannot contain a backslash (\\).');
-					return;
-				}
-
 				var originalButtonText = $('#db_connection_test_button').html();
 				$('#db_connection_test_button').html('<span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span> Connecting...').prop('disabled', true);
 
@@ -1468,4 +1462,4 @@ function prevTab() {
 
 <?php endif; ?>
 
-</html>
+</html>