Merge branch 'release/1.8.1'

1 files changed, 12 insertions, 2 deletions

diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 775bbf5b6..78cdde90f 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1148,11 +1148,21 @@ class ElggInstaller {
 		foreach ($formVars as $field => $info) {
 			if ($info['required'] == TRUE && !$submissionVars[$field]) {
 				$name = elgg_echo("install:database:label:$field");
-				register_error("$name is required");
+				register_error(elgg_echo('install:error:requiredfield', array($name)));
 				return FALSE;
 			}
 		}
 
+		// according to postgres documentation: SQL identifiers and key words must
+		// begin with a letter (a-z, but also letters with diacritical marks and
+		// non-Latin letters) or an underscore (_). Subsequent characters in an
+		// identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+		// Refs #4994
+		if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+			register_error(elgg_echo('install:error:database_prefix'));
+			return FALSE;
+		}
+
 		return $this->checkDatabaseSettings(
 					$submissionVars['dbuser'],
 					$submissionVars['dbpassword'],
@@ -1404,7 +1414,7 @@ class ElggInstaller {
 		$submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']);
 
 		$site = new ElggSite();
-		$site->name = $submissionVars['sitename'];
+		$site->name = strip_tags($submissionVars['sitename']);
 		$site->url = $submissionVars['wwwroot'];
 		$site->access_id = ACCESS_PUBLIC;
 		$site->email = $submissionVars['siteemail'];