Whoops! Fixed an SQL injection vulnerability in the CLI installer. (Not like it's a huge deal because the vulnerability was only introduced last commit and if you make it to that stage you already know the database password)
author Dan
Fri, 16 Jan 2009 13:13:03 -0500
changeset 814 7664d7d38a4a
parent 813 3fe11491f512
child 815 c2b3b1464224
install/includes/cli-core.php
--- a/install/includes/cli-core.php	Wed Jan 14 23:29:14 2009 -0500
+++ b/install/includes/cli-core.php	Fri Jan 16 13:13:03 2009 -0500
@@ -456,9 +456,9 @@
 
 $vars = array(
     'TABLE_PREFIX'         => table_prefix,
-    'SITE_NAME'            => $sitename,
-    'SITE_DESC'            => $sitedesc,
-    'COPYRIGHT'            => $copyright,
+    'SITE_NAME'            => $db->escape($sitename),
+    'SITE_DESC'            => $db->escape($sitedesc),
+    'COPYRIGHT'            => $db->escape($copyright),
     'WIKI_MODE'            => '0',
     'ENABLE_CACHE'         => ( is_writable( ENANO_ROOT . '/cache/' ) ? '1' : '0' ),
     'VERSION'              => installer_enano_version(),
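Review bot: applying `$db->escape()` while building the `$vars` array ties every later use of `$vars` to one SQL sink; if the same array is also written to a config file or rendered into a page, those three values will carry SQL-escaped backslashes and quotes there. Consider keeping the raw `$sitename`, `$sitedesc` and `$copyright` in `$vars` and escaping (or, better, binding as query parameters) at the point where the INSERT/UPDATE string is actually assembled, so the escaping matches the context it protects. The other entries in this hunk (`table_prefix`, the literal `'0'`, the `is_writable()` ternary and `installer_enano_version()`) are not user-controlled, so leaving them unescaped is fine.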