From 82189dae0be4dc1449d30d6d2c832353538e8fac Mon Sep 17 00:00:00 2001
From: Cameron <cameron@e107coders.org>
Date: Sat, 23 Nov 2013 20:22:41 -0800
Subject: [PATCH] Fixes #252 - Database creation issue during install. Added
 input validation on database name.

---
 e107_languages/English/lan_installer.php |  2 +-
 install.php                              | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/e107_languages/English/lan_installer.php b/e107_languages/English/lan_installer.php
index e666cb5bc..d3a26ee8e 100644
--- a/e107_languages/English/lan_installer.php
+++ b/e107_languages/English/lan_installer.php
@@ -54,7 +54,7 @@ define("LANINS_029", "Table prefix:");
 define("LANINS_030", "The MySQL server you would like e107 to use. It can also include a port number. e.g. “hostname:port” or a path to a local socket e.g. \":/path/to/socket\" for the localhost.");
 define("LANINS_031", "The username you wish e107 to use to connect to your MySQL server");
 define("LANINS_032", "The Password for the user you just entered");
-define("LANINS_033", "The MySQL database you wish e107 to reside in, sometimes referred to as a schema. If the user has database create permissions you can opt to create the database automatically if it doesn't already exist.");
+define("LANINS_033", "The MySQL database you wish e107 to reside in, sometimes referred to as a schema. Must begin with a lowercase letter. If the user has database create permissions you can opt to create the database automatically if it doesn't already exist.");
 define("LANINS_034", "The prefix you wish e107 to use when creating the e107 tables. Useful for multiple installs of e107 in one database schema.");
 define("LANINS_035", "Continue");
 define("LANINS_036", "3");
diff --git a/install.php b/install.php
index 1d94f59ee..192ed0785 100644
--- a/install.php
+++ b/install.php
@@ -417,9 +417,9 @@ class e_install
 				
 				<tr>
 					<td><label for='db'>".LANINS_027."</label></td>
-					<td>
-						<input type='text' name='db' size='20' id='db' value='' maxlength='100' required='required' />
-						<label class='checkbox inline'><input type='checkbox' name='createdb' value='1' />".LANINS_028."</label>
+					<td class='form-inline'>
+						<input type='text' name='db' size='20' id='db' value='' maxlength='100' required='required' pattern='^[a-z][a-z0-9_-]*' />
+						<label class='checkbox inline'><input type='checkbox' name='createdb' value='1' /><small>".LANINS_028."</small></label>
 						<span class='field-help'>".LANINS_033."</span>
 					</td>
 				</tr>
@@ -580,11 +580,11 @@ class e_install
 
 				if($this->previous_steps['mysql']['createdb'] == 1 || !$DB_ALREADY_EXISTS)
 				{
-				    $query = 'CREATE DATABASE '.$this->previous_steps['mysql']['db'].' CHARACTER SET `utf8` ';
+				    $query = 'CREATE DATABASE `'.$this->previous_steps['mysql']['db'].'` CHARACTER SET `utf8` ';
 				}
 				elseif($DB_ALREADY_EXISTS)
 				{
-				    $query = 'ALTER DATABASE '.$this->previous_steps['mysql']['db'].' CHARACTER SET `utf8` ';
+				    $query = 'ALTER DATABASE `'.$this->previous_steps['mysql']['db'].'` CHARACTER SET `utf8` ';
 				}
 
 				if (!$this->dbqry($query))