Merged in the low-level DBAL fix involving dashes in the database name from stable
--- a/includes/dbal.php Fri Nov 09 18:09:29 2007 -0500
+++ b/includes/dbal.php Fri Nov 09 23:39:52 2007 -0500
@@ -140,7 +140,7 @@
$this->query_backtrace = '';
$this->num_queries = 0;
dc_here('dbal: we\'re in, selecting database...');
- $q = $this->sql_query('USE '.$dbname.';');
+ $q = $this->sql_query('USE `'.$dbname.'`;');
if(!$q) $this->_die('The database could not be selected.');
dc_here('dbal: connected to MySQL');
$this->disable_errorhandler();
--- a/install.php Fri Nov 09 18:09:29 2007 -0500
+++ b/install.php Fri Nov 09 23:39:52 2007 -0500
@@ -193,9 +193,8 @@
$db_pass =& $_POST['db_pass'];
$db_name =& $_POST['db_name'];
- if ( !preg_match('/^[a-z0-9_]+$/', $db_name) )
+ if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
{
- die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
$db_name = htmlspecialchars($db_name);
die("<p>SECURITY: malformed database name \"$db_name\"</p>");
}
@@ -244,9 +243,16 @@
return false;
}
}
+ mysql_close($conn_root);
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ // This should honestly never happen.
+ return false;
+ }
}
}
- $q = @mysql_query("USE $db_name;", $conn);
+ $q = @mysql_query("USE `$db_name`;", $conn);
if ( !$q )
{
// access denied to the database; try the whole root schenanegan again
@@ -259,7 +265,7 @@
return false;
}
// create the database, if it doesn't exist
- $q = @mysql_query("CREATE DATABASE IF NOT EXISTS $db_name;", $conn_root);
+ $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
if ( !$q )
{
// this really should never fail, so don't give any tolerance to it
@@ -269,26 +275,34 @@
$db_user = mysql_real_escape_string($_POST['db_user']);
$db_pass = mysql_real_escape_string($_POST['db_pass']);
// we're in with root rights; grant access to the database
- $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root);
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
if ( !$q )
{
return false;
}
if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
{
- $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'%';", $conn_root);
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
if ( !$q )
{
return false;
}
}
+ mysql_close($conn_root);
+ // grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ mysql_close($conn);
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ return false;
+ }
}
else
{
return false;
}
// try again
- $q = @mysql_query("USE $db_name;", $conn);
+ $q = @mysql_query("USE `$db_name`;", $conn);
if ( !$q )
{
// really failed this time; bail out