# HG changeset patch
# User Dan
# Date 1194669409 18000
# Node ID acb9d021b860deca3188229eba187b7d932e1d97
# Parent c9fd175289aa63afceac458405101b6da3e6348c
Database name can now contain dashes (as per requested at http://forum.enanocms.org/viewtopic.php?f=5&t=14); corrected some installer behavior issues with connecting as root and setting up permissions resulting in logs not being flushed, configs not being inserted, and what have you.
diff -r c9fd175289aa -r acb9d021b860 includes/dbal.php
--- a/includes/dbal.php Fri Nov 09 11:14:20 2007 -0500
+++ b/includes/dbal.php Fri Nov 09 23:36:49 2007 -0500
@@ -140,7 +140,7 @@
 $this->query_backtrace = '';
 $this->num_queries = 0;
 dc_here('dbal: we\'re in, selecting database...');
- $q = $this->sql_query('USE '.$dbname.';');
+ $q = $this->sql_query('USE `'.$dbname.'`;');
 if(!$q) $this->_die('The database could not be selected.');
 dc_here('dbal: connected to MySQL');
 $this->disable_errorhandler();
diff -r c9fd175289aa -r acb9d021b860 install.php
--- a/install.php Fri Nov 09 11:14:20 2007 -0500
+++ b/install.php Fri Nov 09 23:36:49 2007 -0500
@@ -179,12 +179,15 @@
 if ( $act_get ) return $conn;
- $db_user = mysql_real_escape_string($_POST['db_user']);
- $db_pass = mysql_real_escape_string($_POST['db_pass']);
- $db_name = mysql_real_escape_string($_POST['db_name']);
+ $db_user =& $_POST['db_user'];
+ $db_pass =& $_POST['db_pass'];
+ $db_name =& $_POST['db_name'];
- if ( !preg_match('/^[a-z0-9_]+$/', $db_name) )
- die("
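Review bot: The new `USE` statement in includes/dbal.php wraps `$dbname` in backticks but does not double a backtick inside the name, so the quoting is only as strong as whatever validation the caller applied, and none is visible in this hunk. Escaping at the point of use keeps the method safe for every caller: ``$q = $this->sql_query('USE `' . str_replace('`', '``', $dbname) . '`;');``. The enclosing method starts before and ends after the hunk, so an earlier check on `$dbname` may exist; if it does, a comment naming it would be enough.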

SECURITY: malformed database name

"); + if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) ) + { + $db_name = htmlspecialchars($db_name); + die("

SECURITY: malformed database name \"$db_name\"

");
+ }
 // First, try to connect using the normal credentials
 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
@@ -199,6 +202,9 @@
 // Couldn't connect using either set of credentials. Bail out.
 return false;
 }
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
 // Create the user account
 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
 if ( !$q )
@@ -227,9 +233,16 @@
 return false;
 }
 }
+ mysql_close($conn_root);
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ // This should honestly never happen.
+ return false;
+ }
 }
 }
- $q = @mysql_query("USE $db_name;", $conn);
+ $q = @mysql_query("USE `$db_name`;", $conn);
 if ( !$q )
 {
 // access denied to the database; try the whole root schenanegan again
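Review bot: The widened pattern `/^[a-z0-9_-]+$/` in the @@ -179 hunk still lets a name ending in a single newline through, because `$` in PCRE also matches before a trailing line break, and with `mysql_real_escape_string()` removed from `$db_name` this check is the only thing between `$_POST['db_name']` and the backtick-quoted statements in the later hunks. Anchor the end absolutely: `if ( !preg_match('/^[a-z0-9_-]+\z/', $db_name) )`, or add the `D` modifier. The `=&` assignments also leave `$db_user` and `$db_pass` as references into `$_POST`, which is why the @@ -199 and @@ -242 hunks call `unset()` first; a comment such as `// references into $_POST; unset() before storing escaped copies` would make that dependency visible. The function continues outside the hunk.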
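Review bot: The two `mysql_real_escape_string()` calls added in the @@ -199 hunk omit the link argument, so they escape according to the most recently opened connection instead of the `$conn_root` link that executes the `GRANT`. Pass the link explicitly: `$db_user = mysql_real_escape_string($_POST['db_user'], $conn_root);` and the same for `$db_pass`. The identical pair of lines in the @@ -242 hunk needs the same change. The surrounding function starts and ends outside this hunk.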
@@ -242,33 +255,44 @@
 return false;
 }
 // create the database, if it doesn't exist
- $q = @mysql_query("CREATE DATABASE IF NOT EXISTS $db_name;", $conn_root);
+ $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
 if ( !$q )
 {
 // this really should never fail, so don't give any tolerance to it
 return false;
 }
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
 // we're in with root rights; grant access to the database
- $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root);
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
 if ( !$q )
 {
 return false;
 }
 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
 {
- $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'%';", $conn_root);
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
 if ( !$q )
 {
 return false;
 }
 }
+ mysql_close($conn_root);
+ // grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ mysql_close($conn);
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ return false;
+ }
 }
 else
 {
 return false;
 }
 // try again
- $q = @mysql_query("USE $db_name;", $conn);
+ $q = @mysql_query("USE `$db_name`;", $conn);
 if ( !$q )
 {
 // really failed this time; bail out
@@ -1101,7 +1125,7 @@
 document.getElementById('s_db_host').src='images/bad.gif';
 ret = false;
 }
- if(frm.db_name.value.match(/^([a-z0-9_]+)$/g))
+ if(frm.db_name.value.match(/^([a-z0-9_-]+)$/g))
 {
 document.getElementById('s_db_name').src='images/unknown.gif';
 }
@@ -1350,17 +1374,83 @@ ?>
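Review bot: When `db_host` is not a loopback name, the second `GRANT` in the @@ -242 hunk gives `'{$db_user}'@'%'` all privileges on the database, so the account is accepted from any client host, not only from the web server running the installer. If the installer cannot determine a narrower host, at least record the trade-off next to the statement, for example `// '%' lets this account connect from any host; narrow it to the web server's address after install`. The added reconnect also returns `false` with the error suppressed by `@`, so a failure here gives the administrator no cause; keeping `mysql_error()` for the caller would help. The function body extends beyond the hunk.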

The next step is to enter some information about your website. You can always change this information later, using the administration panel.

- - - - - + + + + + + + + + + + + + + + + + + + + + + + +
Website name
The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".
Good/bad icon
Website description
This text will be shown below the name of your website.
Good/bad icon
Copyright info
This should be a one-line legal notice that will appear at the bottom of all your pages.
Good/bad icon
Wiki mode
This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.
URL scheme
Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.
name="urlscheme" value="ugly" id="ugly">
name="urlscheme" value="short" id="short">
+ Website name
+ The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not + be blank or "Enano". +
+ + + Good/bad icon +
+ Website description
+ This text will be shown below the name of your website. +
+ + + Good/bad icon +
+ Copyright info
+ This should be a one-line legal notice that will appear at the bottom of all your pages. +
+ + + Good/bad icon +
+ Wiki mode
+ This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can + protect pages to prevent editing. +
+ + +   +
+ URL scheme
+ Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you + don't know, select the first option, and you can always change it later. +
+ name="urlscheme" value="ugly" id="ugly" />
+ name="urlscheme" value="short" id="short" />
+ +
@@ -1448,10 +1538,23 @@ ?>

Next, enter your desired username and password. The account you create here will be used to administer your site.

- - - - + + + + + + + + + + + + + + + + +
Administration username
The administration username you will use to log into your site.
This cannot be "anonymous" or in the form of an IP address.
Good/bad icon
Administration password:Good/bad icon
Enter it again to confirm:
Your e-mail address:Good/bad icon
Administration username
The administration username you will use to log into your site.
This cannot be "anonymous" or in the form of an IP address.
Good/bad icon
Administration password:Good/bad icon
Enter it again to confirm:
Your e-mail address:Good/bad icon
Allow administrators to embed PHP code into pages:
@@ -1471,15 +1574,24 @@
- - - + + +