authorCash Costello <cash.costello@gmail.com>2013-03-06 12:02:21 -0500
committerCash Costello <cash.costello@gmail.com>2013-03-06 12:02:21 -0500
commitb7dd38d804dc67a8303fe236d406ce0a54e99549 (patch)
tree593408e590db0aa8fe54113c331c31f9fd838725
parent8a76e62accd81a68724b424a77421dac7a9d9a12 (diff)
Fixes #4994 validating db table prefix
-rw-r--r--install/ElggInstaller.php12
-rw-r--r--install/languages/en.php3
2 files changed, 13 insertions, 2 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 775bbf5b6..93716f7cd 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1148,11 +1148,21 @@ class ElggInstaller {
foreach ($formVars as $field => $info) {
if ($info['required'] == TRUE && !$submissionVars[$field]) {
$name = elgg_echo("install:database:label:$field");
- register_error("$name is required");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
return FALSE;
}
}
+ // according to postgres documentation: SQL identifiers and key words must
+ // begin with a letter (a-z, but also letters with diacritical marks and
+ // non-Latin letters) or an underscore (_). Subsequent characters in an
+ // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+ // Refs #4994
+ if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+ register_error(elgg_echo('install:error:database_prefix'));
+ return FALSE;
+ }
+
return $this->checkDatabaseSettings(
$submissionVars['dbuser'],
$submissionVars['dbpassword'],
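Review bot: The `$` that ends the pattern in the added `preg_match` also matches just before a trailing newline, so a prefix that ends in a line feed still passes this validation. The prefix presumably ends up in the settings file and in table names, so the end anchor should be strict: `if (!preg_match('/^[a-zA-Z_]\w*\z/', $submissionVars['dbprefix'])) {` (or keep `$` and add the `D` modifier). The comment above it quotes the PostgreSQL identifier rules, including non-Latin letters and `$`, which the regex does not accept. It would be clearer as `// Deliberately stricter than the SQL identifier rules: ASCII letter or underscore first, then letters, digits or underscores only. Refs #4994`. The pattern also rejects an empty prefix with the "invalid characters" message, which is worth confirming as intended if `dbprefix` is not a required field. The enclosing method starts and ends outside this hunk.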
diff --git a/install/languages/en.php b/install/languages/en.php
index b2583fbc9..531379b1e 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -124,6 +124,7 @@ If you are ready to proceed, click the Next button.",
'install:error:htaccess' => 'Unable to create an .htaccess',
'install:error:settings' => 'Unable to create the settings file',
'install:error:databasesettings' => 'Unable to connect to the database with these settings.',
+ 'install:error:database_prefix' => 'Invalid characters in database prefix',
'install:error:oldmysql' => 'MySQL must be version 5.0 or above. Your server is using %s.',
'install:error:nodatabase' => 'Unable to use database %s. It may not exist.',
'install:error:cannotloadtables' => 'Cannot load the database tables',
@@ -131,7 +132,7 @@ If you are ready to proceed, click the Next button.",
'install:error:readsettingsphp' => 'Unable to read engine/settings.example.php',
'install:error:writesettingphp' => 'Unable to write engine/settings.php',
'install:error:requiredfield' => '%s is required',
- 'install:error:relative_path' => 'We don\'t think "%s" is an absoluate path for your data directory',
+ 'install:error:relative_path' => 'We don\'t think "%s" is an absolute path for your data directory',
'install:error:datadirectoryexists' => 'Your data directory %s does not exist.',
'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',