Merge branch 'bugfix/install-config-escape' into 'develop'

Added escaping for install in config.tpl

In the installation process, string like the one below should be a valid application name (or DB password).
> Framadate c'est vraiment super ! "Datez" comme vous voulez \o/

It missed some escaping for single quote (') and backslash (\\), resulting in PHP parse errors.

It should be cherry-picked to the `release` branch too.

See merge request !136
This commit is contained in:
Olivier Perez 2016-07-07 14:15:34 +02:00
parent b3ecf1262f
commit 0cf52c8461
2 changed files with 5 additions and 2 deletions

View File

@ -64,6 +64,9 @@ function smarty_modifier_markdown($md, $clear = false) {
function smarty_modifier_resource($link) { function smarty_modifier_resource($link) {
return Utils::get_server_name() . $link; return Utils::get_server_name() . $link;
} }
function smarty_modifier_addslashes_single_quote($string) {
return addcslashes($string, '\\\'');
}
function smarty_modifier_html($html) { function smarty_modifier_html($html) {
return Utils::htmlEscape($html); return Utils::htmlEscape($html);

View File

@ -23,7 +23,7 @@
// const APP_URL = '<www.mydomain.fr>'; // const APP_URL = '<www.mydomain.fr>';
// Application name // Application name
const NOMAPPLICATION = '{$appName}'; const NOMAPPLICATION = '{$appName|addslashes_single_quote}';
// Database administrator email // Database administrator email
const ADRESSEMAILADMIN = '{$appMail}'; const ADRESSEMAILADMIN = '{$appMail}';
@ -38,7 +38,7 @@ const DB_CONNECTION_STRING = '{$dbConnectionString}';
const DB_USER= '{$dbUser}'; const DB_USER= '{$dbUser}';
// Database password // Database password
const DB_PASSWORD = '{$dbPassword}'; const DB_PASSWORD = '{$dbPassword|addslashes_single_quote}';
// Table name prefix // Table name prefix
const TABLENAME_PREFIX = '{$dbPrefix}'; const TABLENAME_PREFIX = '{$dbPrefix}';