/ - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 721

Added by doc almost 17 years ago

restricted database name and table prefix to "a-zA-Z0-9_" (avoid problems with non quoted table/field names)

     ! = Update/Change
     ------------------------------------- 2.7.0 -------------------------------------
 -Feb-2008 Christian Sommer
     #	restricted database name and table prefix to "a-zA-Z0-9_" (avoid problems with non quoted table/field names)
 -Feb-2008 Thomas Hornik
     !	added workaround for language sorting-problem
 -Feb-2008	Christian Sommer

     if(!isset($_POST['database_name']) OR $_POST['database_name'] == '') {
     	set_error('Please enter a database name', 'database_name');
     } else {
     	// make sure only allowed characters are specified
     	if(preg_match('/[^a-z0-9_]+/i', $_POST['database_name'])) {
     		// contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names)
     		set_error('Only characters a-z, A-Z, 0-9 and _ allowed as database name.', 'database_name');
+    	}
     	$database_name = $_POST['database_name'];
+    }
     // Get table prefix
     $table_prefix = $_POST['table_prefix'];
     if(preg_match('/[^a-z0-9_]+/i', $_POST['table_prefix'])) {
     	// contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names)
     	set_error('Only characters a-z, A-Z, 0-9 and _ allowed as table_prefix.', 'table_prefix');
     } else {
     	$table_prefix = $_POST['table_prefix'];
+    }
     // Find out if the user wants to install tables and data
     if(isset($_POST['install_tables']) AND $_POST['install_tables'] == 'true') {
     	$install_tables = true;

     						World-writeable file permissions (777)
     					</label>
     					<br />
     					<font class="note">(Please note: this is only recommended for testing environments)</font>
     					<font class="note">(Please note: only recommended for testing environments)</font>
     				</div>
     			</td>
     		</tr>
-...
     			</td>
     		</tr>
     		<tr>
     			<td style="color: #666666;">Database Name:</td>
     			<td style="color: #666666;">Database Name:<br />[a-zA-Z0-9_]</td>
     			<td>
     				<input <?php echo field_error('database_name');?> type="text" tabindex="8" name="database_name" style="width: 98%;" value="<?php if(isset($_SESSION['database_name'])) { echo $_SESSION['database_name']; } else { echo 'wb'; } ?>" />
     			</td>
-...
     			</td>
     		</tr>
     		<tr>
     			<td style="color: #666666;">Table Prefix:</td>
     			<td style="color: #666666;">Table Prefix:<br />[a-zA-Z0-9_]</td>
     			<td>
     				<input type="text" tabindex="11" name="table_prefix" style="width: 250px;"<?php if(isset($_SESSION['table_prefix'])) { echo ' value = "'.$_SESSION['table_prefix'].'"'; } ?> />
     				<input <?php echo field_error('table_prefix');?> type="text" tabindex="11" name="table_prefix" style="width: 250px;"<?php if(isset($_SESSION['table_prefix'])) { echo ' value = "'.$_SESSION['table_prefix'].'"'; } ?> />
     			</td>
     			<td>&nbsp;</td>
     			<td colspan="2">
     				<input type="checkbox" tabindex="12" name="install_tables" id="install_tables" value="true"<?php if(!isset($_SESSION['install_tables'])) { echo ' checked'; } elseif($_SESSION['install_tables'] == 'true') { echo ' checked'; } ?> />
     				<label for="install_tables" style="color: #666666;">Install Tables</label>
     				<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
     				<br />
     				<span style="font-size: 10px; color: #666666;">(Please note: May remove existing tables and data)</span></td>
     			</td>
     		</tr>

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 721

Added by doc almost 17 years ago