directus / v8-archive

Directus Database API — Wraps Custom SQL Databases with a REST/GraphQL API
https://docs.directus.io/api/reference.html

Escape character sequence on password input #2063

Open InfamousStarFox opened 4 years ago

InfamousStarFox commented 4 years ago

Directus version: 8.8.1
LAMP stack: shared hosting, PHP 7.4, MySQL 5.6

In the basic installation steps, on the "Database User Password", the recorded corresponding string in /config/{project-name}.php is non-escaped, allowing password entries which use a single quotation mark to escape out of the object, causing setup to fail.

InfamousStarFox commented 4 years ago

The function replacePlaceholder in file /src/core/Directus/Util/StringUtils.php, specifically line 249 is the culprit which needs to be updated to properly sanitize against escape characters.
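The failure mode described above, as an added example that is not Directus code: a naive placeholder substitution writes a password containing a single quote into a PHP config template, producing a file that no longer parses, while emitting the value with `var_export()` yields a correctly escaped literal. The template fragment, the function names and the sample password are constructed for illustration, not taken from StringUtils.php.

```php
<?php
// Constructed template resembling a generated config/{project}.php
// (an assumption; not the actual Directus template).
$template = "<?php\nreturn [\n    'database' => [\n        'password' => '{{password}}',\n    ],\n];\n";

// Naive substitution: the raw value is dropped into the template,
// so a single quote in the password closes the PHP string literal.
function replaceNaive(string $template, string $value): string
{
    return str_replace('{{password}}', $value, $template);
}

// Hardened variant: var_export() emits a quoted PHP string literal with
// ' and \ escaped, so the template's own surrounding quotes are replaced too.
function replaceEscaped(string $template, string $value): string
{
    return str_replace("'{{password}}'", var_export($value, true), $template);
}

// Load the generated file text as PHP and return the config array.
// The leading '?>' makes eval() honour the '<?php' tag in the text.
function loadGenerated(string $code): array
{
    return eval('?>' . $code);
}

$password = "p'ass";   // constructed sample containing a single quote

try {
    loadGenerated(replaceNaive($template, $password));
    echo "naive: unexpectedly parsed\n";
} catch (ParseError $e) {
    echo "naive: generated config does not parse: " . $e->getMessage() . "\n";
}

$config = loadGenerated(replaceEscaped($template, $password));
assert($config['database']['password'] === $password);
echo "escaped: password round-trips intact\n";
```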