lightspeedretail / webstore

Web Store eCommerce solution for Lightspeed
http://www.lightspeedpos.com/webstore
Open Software License 3.0
85 stars 63 forks

install.php no sanitizing writing to config/wsconfig.php #578

Closed Tomasuh closed 10 years ago

Tomasuh commented 10 years ago

No sanitizing is done in the installer when writing $dbhost, $dbuser, $dbname and $dbpass to wsconfig.php. A simple $_POST = preg_replace('/[^ \w]+/', '', $_POST); before the writeDB call at line 467 should fix it.
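The root cause described above is that installer form fields are spliced into PHP source that the application later includes, so a value containing a quote turns into executable code. The following is an added example, not code from the Lightspeed install.php: a minimal stand-in for the config writer in its unsafe form, a hardened form that emits proper PHP string literals with var_export(), and a tokenizer-based check that confirms the generated file contains nothing but plain assignments. The function names, the config layout and the posted values are all constructed for illustration.

```php
<?php
// Added example (not the project's own code). Function names are hypothetical.

// Unsafe: each value is dropped straight into PHP source inside single quotes.
// A value containing a single quote closes the literal and the rest is parsed
// as code the next time wsconfig.php is included.
function build_config_unsafe(array $cfg): string {
    $out = "<?php\n";
    foreach (['dbhost', 'dbuser', 'dbname', 'dbpass'] as $key) {
        $out .= "\$$key = '" . $cfg[$key] . "';\n";
    }
    return $out;
}

// Hardened: var_export() produces a valid PHP string literal for any input,
// escaping quotes and backslashes, so the value can never terminate the literal.
// Escaping (rather than stripping) also keeps the value intact, which matters
// for a database password.
function build_config_safe(array $cfg): string {
    $out = "<?php\n";
    foreach (['dbhost', 'dbuser', 'dbname', 'dbpass'] as $key) {
        if (!isset($cfg[$key]) || !is_string($cfg[$key])) {
            throw new InvalidArgumentException("missing or non-string field: $key");
        }
        // Control characters cannot break out of a var_export() literal, but none
        // belong in a hostname, user, database name or password: reject them.
        if (preg_match('/[\x00-\x1f\x7f]/', $cfg[$key])) {
            throw new InvalidArgumentException("control character in field: $key");
        }
        $out .= "\$$key = " . var_export($cfg[$key], true) . ";\n";
    }
    return $out;
}

// Check: tokenize the generated file and confirm it consists only of
// `$name = '<string>';` assignments. Anything else (a function call, an echo,
// a second statement smuggled in through a field) makes it return false.
function config_is_inert(string $src): bool {
    $allowed = [T_OPEN_TAG, T_VARIABLE, T_WHITESPACE, T_CONSTANT_ENCAPSED_STRING];
    foreach (token_get_all($src) as $t) {
        if (is_array($t)) {
            if (!in_array($t[0], $allowed, true)) {
                return false;
            }
        } elseif ($t !== '=' && $t !== ';') {
            return false;
        }
    }
    return true;
}

// Constructed attacker input: a "password" that closes the string literal and
// appends a statement. With the unsafe writer this lands in the config file.
$posted = [
    'dbhost' => 'localhost',
    'dbuser' => 'webstore',
    'dbname' => 'webstore',
    'dbpass' => "x'; echo shell_exec(\$_GET['c']); //",
];

$unsafe = build_config_unsafe($posted);
$safe   = build_config_safe($posted);

echo "--- unsafe writer ---\n", $unsafe;
echo "inert: ", config_is_inert($unsafe) ? "yes" : "NO\n", "\n";

echo "--- hardened writer ---\n", $safe;
echo "inert: ", config_is_inert($safe) ? "yes" : "NO\n", "\n";
```

The one-line preg_replace() suggested in the report does close the hole, but it is lossy: a password such as `p@ss!word` is silently rewritten to `pssword`, and the resulting install fails to connect without saying why. Escaping the value into a proper literal, and then verifying the written file with a tokenizer pass before it is ever included, fixes the injection without altering what the administrator typed.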

ktwbc commented 10 years ago

Hi,

This bug has been logged in our bug tracking system as WS-1137, "WriteDB() in install should strip invalid characters". At this time this bug has not been completed.

ktwbc commented 10 years ago

WS-1137 fixed as of 3.1.7