diff options
author | Cash Costello <cash.costello@gmail.com> | 2013-03-06 12:02:21 -0500 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2013-03-06 12:02:21 -0500 |
commit | b7dd38d804dc67a8303fe236d406ce0a54e99549 (patch) | |
tree | 593408e590db0aa8fe54113c331c31f9fd838725 | |
parent | 8a76e62accd81a68724b424a77421dac7a9d9a12 (diff) | |
download | elgg-b7dd38d804dc67a8303fe236d406ce0a54e99549.tar.gz elgg-b7dd38d804dc67a8303fe236d406ce0a54e99549.tar.bz2 |
Fixes #4994 validating db table prefix
-rw-r--r-- | install/ElggInstaller.php | 12 | ||||
-rw-r--r-- | install/languages/en.php | 3 |
2 files changed, 13 insertions, 2 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 775bbf5b6..93716f7cd 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -1148,11 +1148,21 @@ class ElggInstaller { foreach ($formVars as $field => $info) { if ($info['required'] == TRUE && !$submissionVars[$field]) { $name = elgg_echo("install:database:label:$field"); - register_error("$name is required"); + register_error(elgg_echo('install:error:requiredfield', array($name))); return FALSE; } } + // according to postgres documentation: SQL identifiers and key words must + // begin with a letter (a-z, but also letters with diacritical marks and + // non-Latin letters) or an underscore (_). Subsequent characters in an + // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($). + // Refs #4994 + if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) { + register_error(elgg_echo('install:error:database_prefix')); + return FALSE; + } + return $this->checkDatabaseSettings( $submissionVars['dbuser'], $submissionVars['dbpassword'], diff --git a/install/languages/en.php b/install/languages/en.php index b2583fbc9..531379b1e 100644 --- a/install/languages/en.php +++ b/install/languages/en.php @@ -124,6 +124,7 @@ If you are ready to proceed, click the Next button.", 'install:error:htaccess' => 'Unable to create an .htaccess', 'install:error:settings' => 'Unable to create the settings file', 'install:error:databasesettings' => 'Unable to connect to the database with these settings.', + 'install:error:database_prefix' => 'Invalid characters in database prefix', 'install:error:oldmysql' => 'MySQL must be version 5.0 or above. Your server is using %s.', 'install:error:nodatabase' => 'Unable to use database %s. It may not exist.', 'install:error:cannotloadtables' => 'Cannot load the database tables', @@ -131,7 +132,7 @@ If you are ready to proceed, click the Next button.", 'install:error:readsettingsphp' => 'Unable to read engine/settings.example.php', 'install:error:writesettingphp' => 'Unable to write engine/settings.php', 'install:error:requiredfield' => '%s is required', - 'install:error:relative_path' => 'We don\'t think "%s" is an absoluate path for your data directory', + 'install:error:relative_path' => 'We don\'t think "%s" is an absolute path for your data directory', 'install:error:datadirectoryexists' => 'Your data directory %s does not exist.', 'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.', 'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.', |