From 1289e8d2c07f0ad450615ec1b1e48beca58f6321 Mon Sep 17 00:00:00 2001
From: e107steved
Date: Fri, 21 Oct 2011 20:16:40 +0000
Subject: [PATCH] Additional installation checks
---
 e107_languages/English/lan_installer.php | 2 ++
 install_.php | 34 ++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/e107_languages/English/lan_installer.php b/e107_languages/English/lan_installer.php
index a31e137ae..5d9385326 100644
--- a/e107_languages/English/lan_installer.php
+++ b/e107_languages/English/lan_installer.php
@@ -176,5 +176,7 @@ define("LANINS_117", "Website Preferences");
 define("LANINS_118", "Install Plugins");
 define("LANINS_119", "Install all plugins that the theme may require.");
 define("LANINS_120", "8");
+define('LANINS_121', 'e107_config.php is not an empty file');
+define('LANINS_122', 'Possibly you have an existing installation');
diff --git a/install_.php b/install_.php
index 3949e0fdc..1c2789e45 100644
--- a/install_.php
+++ b/install_.php
@@ -456,6 +456,10 @@ class e_install
 $this->previous_steps['mysql']['createdb'] = (isset($_POST['createdb']) && $_POST['createdb'] == TRUE ? TRUE : FALSE);
 $this->previous_steps['mysql']['prefix'] = trim($_POST['prefix']);
 $success = $this->check_name($this->previous_steps['mysql']['db'], FALSE) && $this->check_name($this->previous_steps['mysql']['prefix'], TRUE);
+ if ($success)
+ {
+ $success = $this->checkDbFields($this->previous_steps['mysql']); // Check for invalid characters
+ }
 if(!$success || $this->previous_steps['mysql']['server'] == "" || $this->previous_steps['mysql']['user'] == "")
 {
 $this->stage = 3;
@@ -603,6 +607,12 @@ class e_install
 }
 $perms_notes = LANINS_106;
 }
+ elseif (filesize('e107_config.php') > 1)
+ { // Must start from an empty e107_config.php
+ $perms_pass = FALSE;
+ $perms_errors = LANINS_121;
+ $perms_notes = LANINS_122;
+ }
 else
 {
 $perms_pass = true;
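Review bot: The new `elseif (filesize('e107_config.php') > 1)` guard in the second install_.php hunk treats a failed `filesize()` like an empty file: the call returns FALSE with a warning when the file cannot be stat'ed, `FALSE > 1` is false, and control falls through to the `else` that sets `$perms_pass = true`. Whether an earlier branch of this chain already rejects a missing or unreadable file is outside the hunk, so this may be covered. Because this is the check that stops the installer from running over an existing configuration, it should fail closed, and the path should be resolved the same way as in the other branches rather than relative to the working directory. The threshold also needs a comment saying why one byte is tolerated, for example `// > 1 allows a placeholder file holding a single newline` if that is the intent.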
@@ -1240,6 +1250,30 @@ class e_install
 }
+
+
+ /**
+ * Check an array of db-related fields for illegal characters
+ *
+ * @return boolean TRUE for OK, FALSE for invalid character
+ */
+ function checkDbFields($fields)
+ {
+ if (!is_array($fields)) return FALSE;
+ foreach (array('server', 'user', 'db', 'prefix') as $key)
+ {
+ if (isset($fields[$key]))
+ {
+ if (strtr($fields[$key],"';", ' ') != $fields[$key])
+ {
+ return FALSE; // Invalid character found
+ }
+ }
+ }
+ return TRUE;
+ }
+
+
 function get_lan_file()
 {
 if(!isset($this->previous_steps['language']))
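Review bot: The `strtr($fields[$key],"';", ' ')` comparison in checkDbFields only ever detects the single quote, because when `strtr()`'s from and to strings differ in length the extra characters of the longer one are ignored, so `;` is never translated and a value containing it passes. Testing for the characters directly avoids that: `if (strpbrk($fields[$key], "';") !== FALSE)`. The key list covers only server, user, db and prefix, so any password value goes unchecked, and a backslash is not rejected either. If these values are later written into the generated config file or a query (not visible in this hunk), a per-field allow-list would be sturdier than this deny-list. The docblock should also gain an `@param array $fields` line and name the characters being rejected.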