# HG changeset patch # User Dan # Date 1194669592 18000 # Node ID 275c70f80137c95cc083b84a5d646309d4a9965f # Parent f4323fa79313f60f01d53dec2ba67b250682773d# Parent acb9d021b860deca3188229eba187b7d932e1d97 Merged in the low-level DBAL fix involving dashes in the database name from stable diff -r f4323fa79313 -r 275c70f80137 includes/dbal.php --- a/includes/dbal.php Fri Nov 09 18:09:29 2007 -0500 +++ b/includes/dbal.php Fri Nov 09 23:39:52 2007 -0500 @@ -140,7 +140,7 @@ $this->query_backtrace = ''; $this->num_queries = 0; dc_here('dbal: we\'re in, selecting database...'); - $q = $this->sql_query('USE '.$dbname.';'); + $q = $this->sql_query('USE `'.$dbname.'`;'); if(!$q) $this->_die('The database could not be selected.'); dc_here('dbal: connected to MySQL'); $this->disable_errorhandler(); diff -r f4323fa79313 -r 275c70f80137 install.php --- a/install.php Fri Nov 09 18:09:29 2007 -0500 +++ b/install.php Fri Nov 09 23:39:52 2007 -0500 @@ -193,9 +193,8 @@ $db_pass =& $_POST['db_pass']; $db_name =& $_POST['db_name']; - if ( !preg_match('/^[a-z0-9_]+$/', $db_name) ) + if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) ) { - die('
' . htmlspecialchars(print_r($_POST, true)) . '
'); $db_name = htmlspecialchars($db_name); die("

SECURITY: malformed database name \"$db_name\"

"); } @@ -244,9 +243,16 @@ return false; } } + mysql_close($conn_root); + $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); + if ( !$conn ) + { + // This should honestly never happen. + return false; + } } } - $q = @mysql_query("USE $db_name;", $conn); + $q = @mysql_query("USE `$db_name`;", $conn); if ( !$q ) { // access denied to the database; try the whole root schenanegan again @@ -259,7 +265,7 @@ return false; } // create the database, if it doesn't exist - $q = @mysql_query("CREATE DATABASE IF NOT EXISTS $db_name;", $conn_root); + $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root); if ( !$q ) { // this really should never fail, so don't give any tolerance to it @@ -269,26 +275,34 @@ $db_user = mysql_real_escape_string($_POST['db_user']); $db_pass = mysql_real_escape_string($_POST['db_pass']); // we're in with root rights; grant access to the database - $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root); + $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root); if ( !$q ) { return false; } if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' ) { - $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'%';", $conn_root); + $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root); if ( !$q ) { return false; } } + mysql_close($conn_root); + // grant tables have hopefully been flushed, kill and reconnect our regular user connection + mysql_close($conn); + $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); + if ( !$conn ) + { + return false; + } } else { return false; } // try again - $q = @mysql_query("USE $db_name;", $conn); + $q = @mysql_query("USE `$db_name`;", $conn); if ( !$q ) { // really failed this time; bail out