Closed Tomasuh closed 10 years ago
No santizing are made in the installer when writing : $dbhost $dbuser $dbname $dbpass
to wsconfig.php A simple $_POST = preg_replace('/[^ \w]+/', '', $_POST); before the writeDB call at line 467 should fix it.
Hi,
This bug has been logged in our bug tracking system as WS-1137 WriteDB() in install should strip invalid characters. At this time this bug has not been completed.
WS-1137 fixed as of 3.1.7
No santizing are made in the installer when writing : $dbhost $dbuser $dbname $dbpass
to wsconfig.php A simple $_POST = preg_replace('/[^ \w]+/', '', $_POST); before the writeDB call at line 467 should fix it.