Fix a comparison logic SQL error in lang.php; fix attempt to call mysql_real_escape_string() in install without a working DB connection
--- a/includes/lang.php Tue Nov 06 10:53:33 2007 -0500
+++ b/includes/lang.php Tue Nov 06 11:10:18 2007 -0500
@@ -88,7 +88,7 @@
$db->_die('lang.php - attempting to pass invalid value to constructor');
}
- $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : 'def';
+ $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : '\'def\'';
$q = $db->sql_query("SELECT lang_id, lang_code, last_changed, ( lang_id = $lang_default ) AS is_default FROM " . table_prefix . "language WHERE $sql_col OR lang_id = $lang_default ORDER BY is_default DESC LIMIT 1;");
if ( !$q )
--- a/install.php Tue Nov 06 10:53:33 2007 -0500
+++ b/install.php Tue Nov 06 11:10:18 2007 -0500
@@ -179,12 +179,16 @@
if ( $act_get )
return $conn;
- $db_user = mysql_real_escape_string($_POST['db_user']);
- $db_pass = mysql_real_escape_string($_POST['db_pass']);
- $db_name = mysql_real_escape_string($_POST['db_name']);
+ $db_user =& $_POST['db_user'];
+ $db_pass =& $_POST['db_pass'];
+ $db_name =& $_POST['db_name'];
if ( !preg_match('/^[a-z0-9_]+$/', $db_name) )
- die("<p>SECURITY: malformed database name</p>");
+ {
+ die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
+ $db_name = htmlspecialchars($db_name);
+ die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+ }
// First, try to connect using the normal credentials
$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
@@ -199,6 +203,9 @@
// Couldn't connect using either set of credentials. Bail out.
return false;
}
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
// Create the user account
$q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
if ( !$q )
@@ -248,6 +255,9 @@
// this really should never fail, so don't give any tolerance to it
return false;
}
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
// we're in with root rights; grant access to the database
$q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root);
if ( !$q )