Merge branch 'bugfix/install-config-escape' into 'develop'
Added escaping for install in config.tpl In the installation process, string like the one below should be a valid application name (or DB password). > Framadate c'est vraiment super ! "Datez" comme vous voulez \o/ It missed some escaping for single quote (') and backslash (\\), resulting in PHP parse errors. It should be cherry-picked to the `release` branch too. See merge request !136
This commit is contained in:
parent
b3ecf1262f
commit
0cf52c8461
@ -64,6 +64,9 @@ function smarty_modifier_markdown($md, $clear = false) {
|
||||
function smarty_modifier_resource($link) {
|
||||
return Utils::get_server_name() . $link;
|
||||
}
|
||||
function smarty_modifier_addslashes_single_quote($string) {
|
||||
return addcslashes($string, '\\\'');
|
||||
}
|
||||
|
||||
function smarty_modifier_html($html) {
|
||||
return Utils::htmlEscape($html);
|
||||
|
@ -23,7 +23,7 @@
|
||||
// const APP_URL = '<www.mydomain.fr>';
|
||||
|
||||
// Application name
|
||||
const NOMAPPLICATION = '{$appName}';
|
||||
const NOMAPPLICATION = '{$appName|addslashes_single_quote}';
|
||||
|
||||
// Database administrator email
|
||||
const ADRESSEMAILADMIN = '{$appMail}';
|
||||
@ -38,7 +38,7 @@ const DB_CONNECTION_STRING = '{$dbConnectionString}';
|
||||
const DB_USER= '{$dbUser}';
|
||||
|
||||
// Database password
|
||||
const DB_PASSWORD = '{$dbPassword}';
|
||||
const DB_PASSWORD = '{$dbPassword|addslashes_single_quote}';
|
||||
|
||||
// Table name prefix
|
||||
const TABLENAME_PREFIX = '{$dbPrefix}';
|
||||
|
Loading…
Reference in New Issue
Block a user