Bugtracker #4296 - table/prefix names beginning with numerics and 'e' cause mySQL error

2025-01-17 12:48:24 +01:00 · 2008-05-25 10:23:12 +00:00 · 2008-05-25 10:23:12 +00:00 · d7d3355baa
commit d7d3355baa
parent 899490243b
2 changed files with 49 additions and 19 deletions
--- a/e107_languages/English/lan_installer.php
+++ b/e107_languages/English/lan_installer.php
@ -144,6 +144,6 @@ define("LANINS_102", 'Date / Time');
 define("LANINS_103", 'Reviews');
 define("LANINS_104", 'Review Front Page ...');

-define("LANINS_105", '');
+define("LANINS_105", 'A database name or prefix beginning with some digits followed by \'e\' or \'E\' is not acceptable');
 define("LANINS_106", '');
 ?>
--- a/install_.php
+++ b/install_.php
@ -11,8 +11,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/install_.php,v $
-|     $Revision: 1.7 $
-|     $Date: 2008-03-12 22:23:14 $
+|     $Revision: 1.8 $
+|     $Date: 2008-05-25 10:23:12 $
 |     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@ -262,20 +262,25 @@ class e_install {
 		$this->template->SetTag("stage_content", $page_info.$e_forms->return_form());
 	}

-	function stage_3(){
+
+	function stage_3()
+	{
 		global $e_forms;
+		$success = true;
 		$this->stage = 3;
 		$this->get_lan_file();
 		$this->template->SetTag("installation_heading", LANINS_001);
 		$this->template->SetTag("stage_pre", LANINS_002);
 		$this->template->SetTag("stage_num", LANINS_036);
-		$this->previous_steps['mysql']['server'] = $_POST['server'];
-		$this->previous_steps['mysql']['user'] = $_POST['name'];
+		$this->previous_steps['mysql']['server'] = trim($_POST['server']);
+		$this->previous_steps['mysql']['user'] = trim($_POST['name']);
 		$this->previous_steps['mysql']['password'] = $_POST['password'];
-		$this->previous_steps['mysql']['db'] = $_POST['db'];
+		$this->previous_steps['mysql']['db'] = trim($_POST['db']);
 		$this->previous_steps['mysql']['createdb'] = (isset($_POST['createdb']) && $_POST['createdb'] == true ? true : false);
-		$this->previous_steps['mysql']['prefix'] = $_POST['prefix'];
-		if($this->previous_steps['mysql']['server'] == "" || $this->previous_steps['mysql']['user'] == "" | $this->previous_steps['mysql']['db'] == "") {
+		$this->previous_steps['mysql']['prefix'] = trim($_POST['prefix']);
+		$success = $this->check_name($this->previous_steps['mysql']['db']) && $this->check_name($this->previous_steps['mysql']['prefix']);
+		if(!$success || $this->previous_steps['mysql']['server'] == "" || $this->previous_steps['mysql']['user'] == "") 
+		{
 			$this->stage = 3;
 			$this->template->SetTag("stage_num", LANINS_021);
 			$e_forms->start_form("versions", $_SERVER['PHP_SELF'].($_SERVER['QUERY_STRING'] == "debug" ? "?debug" : ""));
@ -309,38 +314,52 @@ class e_install {
 			      <td class='row-border'><label for='prefix'>".LANINS_029."</label></td>
 			      <td class='row-border'><input type='text' name='prefix' id='prefix' size='20' value='{$this->previous_steps['mysql']['prefix']}'  maxlength='100' /></td>
 				  <td class='row-border'>".LANINS_034."</td>
-			    </tr>
+			    </tr>";
+			if (!$success)
+			{
+			  $output .= "<tr><td class='row-border' colspan='3'>".LANINS_105."</td></tr>";
+			}
+			$output .= "
 			  </table>
 			</div>
 			<br /><br />\n";
 			$e_forms->add_plain_html($output);
 			$e_forms->add_button("submit", LANINS_035);
 			$this->template->SetTag("stage_title", LANINS_040);
-		} else {
-			$success = true;
+		} 
+		else 
+		{
 			$this->template->SetTag("stage_title", LANINS_037.($this->previous_steps['mysql']['createdb'] == 1 ? LANINS_038 : ""));
-			if (!@mysql_connect($this->previous_steps['mysql']['server'], $this->previous_steps['mysql']['user'], $this->previous_steps['mysql']['password'])) {
+		  if (!@mysql_connect($this->previous_steps['mysql']['server'], $this->previous_steps['mysql']['user'], $this->previous_steps['mysql']['password'])) 
+		  {
 				$success = false;
 				$page_content = LANINS_041.nl2br("\n\n<b>".LANINS_083."\n</b><i>".mysql_error()."</i>");
-			} else {
+		  } 
+		  else 
+		  {
 				$page_content = LANINS_042;
-				if($this->previous_steps['mysql']['createdb'] == 1) {
-					if (!mysql_query("CREATE DATABASE ".$this->previous_steps['mysql']['db'])) {
+			if($this->previous_steps['mysql']['createdb'] == 1) 
+			{
+			  if (!mysql_query("CREATE DATABASE ".$this->previous_steps['mysql']['db'])) 
+			  {
 						$success = false;
 						$page_content .= "<br /><br />".LANINS_043.nl2br("\n\n<b>".LANINS_083."\n</b><i>".mysql_error()."</i>");
-					} else {
+			  } 
+			  else 
+			  {
 						$page_content .= "<br /><br />".LANINS_044;
 					}
 				}
 			}
-			if($success){
+		  if($success)
+		  {
 				$e_forms->start_form("versions", $_SERVER['PHP_SELF'].($_SERVER['QUERY_STRING'] == "debug" ? "?debug" : ""));
 				$page_content .= "<br /><br />".LANINS_045."<br /><br />";
 				$e_forms->add_button("submit", LANINS_035);
 			}
 			$head = $page_content;
 		}
-		$this->finish_form();
+		if ($success) $this->finish_form(); else $this->finish_form(3);
 		$this->template->SetTag("stage_content", $head.$e_forms->return_form());
 	}

@ -590,6 +609,17 @@ This file has been generated by the installation script.
 		$this->template->SetTag("stage_content", $page.$e_forms->return_form());
 	}

+
+	// Check a DB name or table prefix - anything starting with a numeric followed by 'e' causes problems.
+	// Return TRUE if acceptable, FALSE if unacceptable
+	function check_name($str)
+	{
+	  if ($str == '') return FALSE;
+	  if (preg_match("#^\d+[e|E]#",$str)) return FALSE;
+	  return TRUE;
+	}
+
+
 	function get_lan_file(){
 		if(!isset($this->previous_steps['language'])) {
 			$this->previous_steps['language'] = "English";