Merge pull request wavelog#212 from HB9HIL/fix_211

HB9HIL · web-flow · commit 465508765367 · 2024-03-10T15:54:44.000+01:00
[Installer] DB Password
diff --git a/application/config/config.sample.php b/application/config/config.sample.php
@@ -12,9 +12,9 @@
 |	'callbook'		Selects which Callbook lookup to use defaults "hamqth" but supports "qrz"
 */
 
-$config['app_name'] = "Wavelog";
-$config['directory'] = "logbook";
-$config['callbook'] = "hamqth"; // Options are hamqth or qrz
+$config['app_name'] = 'Wavelog';
+$config['directory'] = 'logbook';
+$config['callbook'] = 'hamqth'; // Options are hamqth or qrz
 
 $config['datadir'] = null; // default to install directory
 
@@ -28,8 +28,8 @@
 |	'display_freq'	Show or Hide frequnecy info
 */
 
-$config['table_name'] = "TABLE_HRD_CONTACTS_V01";
-$config['locator'] = "";
+$config['table_name'] = 'TABLE_HRD_CONTACTS_V01';
+$config['locator'] = '';
 $config['display_freq'] = true;
 
 /*
@@ -42,8 +42,8 @@
 |	'use_fullname'  Get full names from QRZ, may not be GDPR compliant
 */
 
-$config['qrz_username'] = "";
-$config['qrz_password'] = "";
+$config['qrz_username'] = '';
+$config['qrz_password'] = '';
 $config['use_fullname'] = false;
 
 /*
@@ -54,8 +54,8 @@
 | 	'hamqth_username'	HamQTH user login
 |	'hamqth_password'	HamQTH user password
 */
-$config['hamqth_username'] = "";
-$config['hamqth_password'] = "";
+$config['hamqth_username'] = '';
+$config['hamqth_password'] = '';
 
 /*
 |--------------------------------------------------------------------------
@@ -70,11 +70,11 @@
 */
 
 $config['use_auth'] = true;
-$config['auth_table'] = "users";
-$config['auth_mode'] = "3";
+$config['auth_table'] = 'users';
+$config['auth_mode'] = '3';
 
-$config['auth_level'][3] = "Operator";
-$config['auth_level'][99] = "Administrator";
+$config['auth_level'][3] = 'Operator';
+$config['auth_level'][99] = 'Administrator';
 
 /*
 |--------------------------------------------------------------------------
@@ -676,4 +676,4 @@
 |
 */
 
-$config['userdata'] = "userdata";  
+$config['userdata'] = 'userdata';  
diff --git a/install/config/config.php b/install/config/config.php
@@ -12,9 +12,9 @@
 |	'callbook'		Selects which Callbook lookup to use defaults "hamqth" but supports "qrz"
 */
 
-$config['app_name'] = "Wavelog";
-$config['directory'] = "/%directory%";
-$config['callbook'] = "%callbook%"; // Options are hamqth or qrz
+$config['app_name'] = 'Wavelog';
+$config['directory'] = '/%directory%';
+$config['callbook'] = '%callbook%'; // Options are hamqth or qrz
 
 $config['datadir'] = null; // default to install directory
 
@@ -28,8 +28,8 @@
 |	'display_freq'	Show or Hide frequnecy info 
 */
 
-$config['table_name'] = "TABLE_HRD_CONTACTS_V01"; 
-$config['locator'] = "%baselocator%"; 
+$config['table_name'] = 'TABLE_HRD_CONTACTS_V01'; 
+$config['locator'] = '%baselocator%'; 
 $config['display_freq'] = true;
 
 /*
@@ -42,8 +42,8 @@
 |	'use_fullname'  Get full names from QRZ, may not be GDPR compliant
 */
 
-$config['qrz_username'] = "%qrz_username%";
-$config['qrz_password'] = "%qrz_password%";
+$config['qrz_username'] = '%qrz_username%';
+$config['qrz_password'] = '%qrz_password%';
 $config['use_fullname'] = false;
 
 /*
@@ -54,8 +54,8 @@
 | 	'hamqth_username'	HamQTH user login
 |	'hamqth_password'	HamQTH user password
 */
-$config['hamqth_username'] = "%hamqth_username%";
-$config['hamqth_password'] = "%hamqth_password%";
+$config['hamqth_username'] = '%hamqth_username%';
+$config['hamqth_password'] = '%hamqth_password%';
 
 /*
 |--------------------------------------------------------------------------
@@ -70,11 +70,11 @@
 */
 
 $config['use_auth'] = true;
-$config['auth_table'] = "users";
-$config['auth_mode'] = "3";
+$config['auth_table'] = 'users';
+$config['auth_mode'] = '3';
 
-$config['auth_level'][3] = "Operator";
-$config['auth_level'][99] = "Administrator";
+$config['auth_level'][3] = 'Operator';
+$config['auth_level'][99] = 'Administrator';
 
 /*
 |--------------------------------------------------------------------------
@@ -676,4 +676,4 @@
 |
 */
 
-$config['userdata'] = "userdata";  
+$config['userdata'] = 'userdata';  
diff --git a/install/includes/core_class.php b/install/includes/core_class.php
@@ -117,9 +117,13 @@ function write_config($data)
 		// Open the file
 		$database_file = file_get_contents($template_path);
 
+		// Sanitize DB Password from single quotes
+		$sanitized_db_pwd = preg_replace("/\\\\/i",'\\\\\\\\',$data['db_password']);       // Escape the Escape char ( '\' becomes '\\' )
+		$sanitized_db_pwd = preg_replace("/\'/i",'\\\\\'',$sanitized_db_pwd);  // Escape the ' ( ' becomes \' )
+
 		$new  = str_replace("%HOSTNAME%", $data['db_hostname'], $database_file);
 		$new  = str_replace("%USERNAME%", $data['db_username'], $new);
-		$new  = str_replace("%PASSWORD%", $data['db_password'], $new);
+		$new  = str_replace("%PASSWORD%", $sanitized_db_pwd, $new);
 		$new  = str_replace("%DATABASE%", $data['db_name'], $new);
 
 		// Write the new database.php file
diff --git a/install/index.php b/install/index.php
@@ -1462,4 +1462,4 @@ function prevTab() {
 
 <?php endif; ?>
 
-</html>
+</html>

Original file line number	Diff line number	Diff line change
`@@ -1462,4 +1462,4 @@ function prevTab() {`
`1462`	`1462`
`1463`	`1463`	`<?php endif; ?>`
`1464`	`1464`
`1465`		`-</html>`
	`1465`	`+</html>`