Commit 67fedede authored by Till Brehm's avatar Till Brehm

Fixed: FS#3712 - Client DB credentials not escaped

parent ccebb930
......@@ -1292,7 +1292,7 @@ class installer_dist extends installer_base {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
......
......@@ -1366,7 +1366,7 @@ class installer_dist extends installer_base {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
......
......@@ -2218,7 +2218,7 @@ class installer_base {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment