From b7dd38d804dc67a8303fe236d406ce0a54e99549 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Wed, 6 Mar 2013 12:02:21 -0500 Subject: Fixes #4994 validating db table prefix --- install/ElggInstaller.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'install/ElggInstaller.php') diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 775bbf5b6..93716f7cd 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -1148,11 +1148,21 @@ class ElggInstaller { foreach ($formVars as $field => $info) { if ($info['required'] == TRUE && !$submissionVars[$field]) { $name = elgg_echo("install:database:label:$field"); - register_error("$name is required"); + register_error(elgg_echo('install:error:requiredfield', array($name))); return FALSE; } } + // according to postgres documentation: SQL identifiers and key words must + // begin with a letter (a-z, but also letters with diacritical marks and + // non-Latin letters) or an underscore (_). Subsequent characters in an + // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($). + // Refs #4994 + if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) { + register_error(elgg_echo('install:error:database_prefix')); + return FALSE; + } + return $this->checkDatabaseSettings( $submissionVars['dbuser'], $submissionVars['dbpassword'], -- cgit v1.2.3 From e579d5b32ea0f12450520a6d45183018e0851757 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 30 Mar 2013 13:29:51 -0400 Subject: Fixes #2682 strips tags from site name --- actions/admin/site/update_basic.php | 2 +- install/ElggInstaller.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'install/ElggInstaller.php') diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php index 97d258b65..9765182cc 100644 --- a/actions/admin/site/update_basic.php +++ b/actions/admin/site/update_basic.php 
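Review bot: The new prefix check `preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])` ends in `$`, which in PCRE also matches just before a trailing newline, so a submitted prefix with a line feed appended still passes validation. Anchoring the end with `\z` (or adding the `D` modifier) closes that gap: `if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*\z/', $submissionVars['dbprefix'])) {`. The comment above the check quotes identifier rules that allow `$` and non-Latin letters, while the pattern is narrower and `\w` may follow the process locale; a sentence stating that the ASCII-only set is intentional would keep the comment and the code in agreement. The enclosing method starts and ends outside the hunk, so it cannot be seen here whether the prefix is length-limited or checked again before it is written to the settings file and used in table names.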
@@ -16,7 +16,7 @@ if ($site = elgg_get_site_entity()) { } $site->description = get_input('sitedescription'); - $site->name = get_input('sitename'); + $site->name = strip_tags(get_input('sitename')); $site->email = get_input('siteemail'); $site->save(); diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 93716f7cd..78cdde90f 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -1414,7 +1414,7 @@ class ElggInstaller { $submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']); $site = new ElggSite(); - $site->name = $submissionVars['sitename']; + $site->name = strip_tags($submissionVars['sitename']); $site->url = $submissionVars['wwwroot']; $site->access_id = ACCESS_PUBLIC; $site->email = $submissionVars['siteemail']; -- cgit v1.2.3
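Review bot: `strip_tags()` on the site name, both in `$site->name = strip_tags(get_input('sitename'));` here and in the `ElggSite` creation in install/ElggInstaller.php, removes markup but leaves quotes, `&` and an unpaired `<` untouched, so it does not replace escaping where the name is rendered. Any view that prints the name into an attribute or the page title should still use `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`; those views are outside this diff, so that needs confirming. A name consisting only of tags becomes an empty string after stripping and is saved as such, and no emptiness check is visible before `$site->save()` in update_basic.php. A one-line comment at both call sites, `// strip_tags() is input cleanup only; the name is still escaped on output`, would stop later readers from treating it as the XSS defence.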