authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-10-01 10:07:09 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-10-01 10:07:09 +0000
commitd82fa1fc19c054ff8d11ddc7385cc58c1b2822ce (patch)
tree3d067f53ac6543a36ebc9cba3dd6f42f694dbf5b
parent6327e4d7fdf4f1bf39e4d463daef3613747bf38c (diff)
downloadelgg-d82fa1fc19c054ff8d11ddc7385cc58c1b2822ce.tar.gz
elgg-d82fa1fc19c054ff8d11ddc7385cc58c1b2822ce.tar.bz2
Fixes #395
git-svn-id: https://code.elgg.org/elgg/trunk@2157 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/database.php13
-rw-r--r--engine/lib/install.php2
2 files changed, 14 insertions, 1 deletions
diff --git a/engine/lib/database.php b/engine/lib/database.php
index f1b4a5871..0ac5eba65 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -480,6 +480,19 @@
return false;
return true;
+ }
+
+ /**
+ * Sanitise a string for database use, but with the option of escaping extra characters.
+ */
+ function sanitise_string_special($string, $extra_escapeable = '')
+ {
+ $string = sanitise_string($string);
+
+ for ($n = 0; $n < strlen($extra_escapeable); $n++)
+ $string = str_replace($extra_escapeable[$n], "\\" . $extra_escapeable[$n], $string);
+
+ return $string;
}
/**
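Review bot: The docblock on `sanitise_string_special()` does not describe `$extra_escapeable` or the return value, and the loop has an ordering hazard that should be documented. Each character of `$extra_escapeable` is backslash-prefixed in its own `str_replace` pass after `sanitise_string()` has run, so if a caller passes `\` the backslashes inserted by earlier passes (and presumably by `sanitise_string()` itself, which is not visible here) get escaped a second time. I would add `@param string $extra_escapeable Characters to prefix with a backslash; must not contain a backslash itself`, together with `@param string $string` and `@return string` lines, and put braces around the `for` body. The docblock should also state that the result is only suitable for the context `sanitise_string()` targets plus the listed characters, so it is not reused as a general-purpose escaper.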
diff --git a/engine/lib/install.php b/engine/lib/install.php
index be88f473f..d24a8b120 100644
--- a/engine/lib/install.php
+++ b/engine/lib/install.php
@@ -106,7 +106,7 @@
if (!$file) return false;
foreach ($vars as $k => $v)
- $file = str_replace("{{".$k."}}", $v, $file);
+ $file = str_replace("{{".$k."}}", sanitise_string_special($v, '$'), $file);
return $file;
}
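Review bot: `sanitise_string_special($v, '$')` applies database escaping to a value that is substituted into a file template, so the escaping rules do not match the output context. `sanitise_string()` is not shown, but if it wraps the MySQL escape routine it may need a database link that does not exist yet during install. It would also put a backslash before characters such as `'`, which is not an escape sequence in a PHP double-quoted string, so a literal backslash would end up in the stored value; this assumes the template wraps its `{{...}}` placeholders in double quotes, which the `'$'` argument suggests. Consider an escaper written for the template's quoting context, for example `addcslashes($v, "\\\"\$")` for a double-quoted PHP literal, and add a comment at this call naming the quoting the template uses. The enclosing function starts outside the hunk.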