diff options
author | Cash Costello <cash.costello@gmail.com> | 2013-03-06 12:02:21 -0500 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2013-03-06 12:02:21 -0500 |
commit | b7dd38d804dc67a8303fe236d406ce0a54e99549 (patch) | |
tree | 593408e590db0aa8fe54113c331c31f9fd838725 /install/ElggInstaller.php | |
parent | 8a76e62accd81a68724b424a77421dac7a9d9a12 (diff) | |
download | elgg-b7dd38d804dc67a8303fe236d406ce0a54e99549.tar.gz elgg-b7dd38d804dc67a8303fe236d406ce0a54e99549.tar.bz2 |
Fixes #4994 validating db table prefix
Diffstat (limited to 'install/ElggInstaller.php')
-rw-r--r-- | install/ElggInstaller.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 775bbf5b6..93716f7cd 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -1148,11 +1148,21 @@ class ElggInstaller { foreach ($formVars as $field => $info) { if ($info['required'] == TRUE && !$submissionVars[$field]) { $name = elgg_echo("install:database:label:$field"); - register_error("$name is required"); + register_error(elgg_echo('install:error:requiredfield', array($name))); return FALSE; } } + // according to postgres documentation: SQL identifiers and key words must + // begin with a letter (a-z, but also letters with diacritical marks and + // non-Latin letters) or an underscore (_). Subsequent characters in an + // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($). + // Refs #4994 + if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) { + register_error(elgg_echo('install:error:database_prefix')); + return FALSE; + } + return $this->checkDatabaseSettings( $submissionVars['dbuser'], $submissionVars['dbpassword'], |