diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-10-01 10:07:09 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-10-01 10:07:09 +0000 |
commit | d82fa1fc19c054ff8d11ddc7385cc58c1b2822ce (patch) | |
tree | 3d067f53ac6543a36ebc9cba3dd6f42f694dbf5b /engine/lib | |
parent | 6327e4d7fdf4f1bf39e4d463daef3613747bf38c (diff) | |
download | elgg-d82fa1fc19c054ff8d11ddc7385cc58c1b2822ce.tar.gz elgg-d82fa1fc19c054ff8d11ddc7385cc58c1b2822ce.tar.bz2 |
Fixes #395
git-svn-id: https://code.elgg.org/elgg/trunk@2157 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/database.php | 13 | ||||
-rw-r--r-- | engine/lib/install.php | 2 |
2 files changed, 14 insertions, 1 deletions
diff --git a/engine/lib/database.php b/engine/lib/database.php index f1b4a5871..0ac5eba65 100644 --- a/engine/lib/database.php +++ b/engine/lib/database.php @@ -480,6 +480,19 @@ return false; return true; + } + + /** + * Sanitise a string for database use, but with the option of escaping extra characters. + */ + function sanitise_string_special($string, $extra_escapeable = '') + { + $string = sanitise_string($string); + + for ($n = 0; $n < strlen($extra_escapeable); $n++) + $string = str_replace($extra_escapeable[$n], "\\" . $extra_escapeable[$n], $string); + + return $string; }
/**
diff --git a/engine/lib/install.php b/engine/lib/install.php index be88f473f..d24a8b120 100644 --- a/engine/lib/install.php +++ b/engine/lib/install.php @@ -106,7 +106,7 @@ if (!$file) return false; foreach ($vars as $k => $v) - $file = str_replace("{{".$k."}}", $v, $file); + $file = str_replace("{{".$k."}}", sanitise_string_special($v, '$'), $file); return $file; } |