Client DB credentials not escaped
Hello,
Upon updating a slave server to the new version (3.0.5.4p4), right after creating a backup, I received this error:
PHP Parse error: syntax error, unexpected '84' (T_LNUMBER) in /usr/local/ispconfig/server/lib/mysql_clientdb.conf on line 5
Opening the file, I realised that the problem was that the password was not escaped:
$clientdb_password = 'test'test';
when it must be:
$clientdb_password = 'test\'test';
Knowing that to fix it is very easy, I tried to create an account on gitlab (git.ispconfig.org). I did receive a confirmation e-mail saying "Account was created for you", but when I tried to log in it says "You have to confirm your account before continuing" (I tried with both my username and my email).
So, if you could please activate my account, I would be thankful (the username and the email address are the same as this account).
I have been using ISPConfig for a while now and I have to tell you that you've done a wonderful job, congratulations!
I would like to start developing on this project as well, I have some great ideas I want to implement. I don't have time at all for it, but I love the project, and the fact that it is open source makes me want to improve/contribute.
With this being said, you too know the fix. Just add the backslashes before storing the string. Use the php addslashes() function (http://php.net/manual/ro/function.addslashes.php). Also, it needs to be corrected on systems that have the problem (loading the file as text and adding a slash).
I've set the severity to high (being used with the Debian severity tags) as it makes ISPConfig unable to use the client db connection (which plays a vital role, right?).
I'm also interested in the new IDS you've built (but I think I can have a look from gitlab, right?).
Best wishes, Daniel
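
The failure reported above, reproduced as an added example (not part of the original post and not ISPConfig code): it writes a password into a generated PHP line three ways and checks whether the file still parses and returns the same value. The function names and sample passwords are constructed for illustration; var_export() is used here because it escapes exactly the two characters that are special inside a single-quoted PHP literal, backslash and single quote.

```php
<?php
// Added example: function names and sample passwords are constructed.

// Render an assignment whose right-hand side is a valid PHP string literal
// for any input. var_export() emits a single-quoted literal and escapes
// only backslash and single quote.
function render_config_line(string $name, string $value): string
{
    return '$' . $name . ' = ' . var_export($value, true) . ';';
}

// The failing form from the report: the value is pasted between quotes as-is.
function render_config_line_unescaped(string $name, string $value): string
{
    return '$' . $name . " = '" . $value . "';";
}

// Write the line to a temporary file, include it, and compare the value
// PHP actually loads with the password that was supposed to be stored.
function round_trips(string $line, string $expected): bool
{
    $file = tempnam(sys_get_temp_dir(), 'cfg');
    file_put_contents($file, "<?php\n" . $line . "\nreturn \$clientdb_password;\n");
    try {
        $ok = (include $file) === $expected;
    } catch (ParseError $e) {
        $ok = false; // same class of failure as the reported parse error
    } finally {
        unlink($file);
    }
    return $ok;
}

// Constructed sample passwords covering quote, backslash and double quote.
$samples = ["test'test", 'back\\slash', 'dq"uote', "trailing\\"];
foreach ($samples as $pw) {
    $raw   = render_config_line_unescaped('clientdb_password', $pw);
    $slash = "\$clientdb_password = '" . addslashes($pw) . "';";
    $safe  = render_config_line('clientdb_password', $pw);
    printf("%-12s raw=%-5s addslashes=%-5s var_export=%s\n", $pw,
        var_export(round_trips($raw, $pw), true),
        var_export(round_trips($slash, $pw), true),
        var_export(round_trips($safe, $pw), true));
}
```

The addslashes column is included because addslashes() also escapes double quotes and NUL bytes, and a single-quoted PHP literal keeps `\"` as two characters, so the round-trip check shows whether a password containing `"` is loaded unchanged.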