Index: trunk/CHANGELOG
===================================================================
--- trunk/CHANGELOG	(revision 720)
+++ trunk/CHANGELOG	(revision 721)
@@ -11,6 +11,8 @@
 ! = Update/Change
 
 ------------------------------------- 2.7.0 -------------------------------------
+22-Feb-2008 Christian Sommer
+#	restricted database name and table prefix to "a-zA-Z0-9_" (avoid problems with non quoted table/field names)
 20-Feb-2008 Thomas Hornik
 !	added workaround for language sorting-problem
 20-Feb-2008	Christian Sommer
Index: trunk/wb/install/save.php
===================================================================
--- trunk/wb/install/save.php	(revision 720)
+++ trunk/wb/install/save.php	(revision 721)
@@ -225,10 +225,21 @@
 if(!isset($_POST['database_name']) OR $_POST['database_name'] == '') {
 	set_error('Please enter a database name', 'database_name');
 } else {
+	// make sure only allowed characters are specified
+	if(preg_match('/[^a-z0-9_]+/i', $_POST['database_name'])) {
+		// contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names)
+		set_error('Only characters a-z, A-Z, 0-9 and _ allowed as database name.', 'database_name');
+	}
 	$database_name = $_POST['database_name'];
 }
 // Get table prefix
-$table_prefix = $_POST['table_prefix'];
+if(preg_match('/[^a-z0-9_]+/i', $_POST['table_prefix'])) {
+	// contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names)
+	set_error('Only characters a-z, A-Z, 0-9 and _ allowed as table_prefix.', 'table_prefix');
+} else {
+	$table_prefix = $_POST['table_prefix'];
+}
+
 // Find out if the user wants to install tables and data
 if(isset($_POST['install_tables']) AND $_POST['install_tables'] == 'true') {
 	$install_tables = true;
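Review bot: Both new `preg_match` checks assume the posted value is a string, and the `table_prefix` check reads `$_POST['table_prefix']` without an `isset` test. A non-string value such as an array-valued form field is never reported as "contains invalid characters": older PHP makes `preg_match` warn and return false, so the value would be accepted and assigned. Since this allowlist is what makes the names safe to use unquoted in table and field names, guard the type first, e.g. `if(!isset($_POST['table_prefix']) OR !is_string($_POST['table_prefix']) OR preg_match('/[^a-z0-9_]+/i', $_POST['table_prefix'])) {`, and add the same `is_string` test to the `database_name` branch. That branch also assigns `$database_name` after calling `set_error`; whether `set_error` stops the script is not visible in this hunk, so moving the assignment into an `else`, as the `table_prefix` branch does, would make the rejection explicit.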
Index: trunk/wb/install/index.php
===================================================================
--- trunk/wb/install/index.php	(revision 720)
+++ trunk/wb/install/index.php	(revision 721)
@@ -283,7 +283,7 @@
 						World-writeable file permissions (777)
 					</label>
 					<br />
-					<font class="note">(Please note: this is only recommended for testing environments)</font>
+					<font class="note">(Please note: only recommended for testing environments)</font>
 				</div>
 			</td>
 		</tr>
@@ -304,7 +304,7 @@
 			</td>
 		</tr>
 		<tr>
-			<td style="color: #666666;">Database Name:</td>
+			<td style="color: #666666;">Database Name:<br />[a-zA-Z0-9_]</td>
 			<td>
 				<input <?php echo field_error('database_name');?> type="text" tabindex="8" name="database_name" style="width: 98%;" value="<?php if(isset($_SESSION['database_name'])) { echo $_SESSION['database_name']; } else { echo 'wb'; } ?>" />
 			</td>
@@ -315,15 +315,15 @@
 			</td>
 		</tr>
 		<tr>
-			<td style="color: #666666;">Table Prefix:</td>
+			<td style="color: #666666;">Table Prefix:<br />[a-zA-Z0-9_]</td>
 			<td>
-				<input type="text" tabindex="11" name="table_prefix" style="width: 250px;"<?php if(isset($_SESSION['table_prefix'])) { echo ' value = "'.$_SESSION['table_prefix'].'"'; } ?> />
+				<input <?php echo field_error('table_prefix');?> type="text" tabindex="11" name="table_prefix" style="width: 250px;"<?php if(isset($_SESSION['table_prefix'])) { echo ' value = "'.$_SESSION['table_prefix'].'"'; } ?> />
 			</td>
 			<td>&nbsp;</td>
 			<td colspan="2">
 				<input type="checkbox" tabindex="12" name="install_tables" id="install_tables" value="true"<?php if(!isset($_SESSION['install_tables'])) { echo ' checked'; } elseif($_SESSION['install_tables'] == 'true') { echo ' checked'; } ?> />
 				<label for="install_tables" style="color: #666666;">Install Tables</label>
-				<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+				<br />
 				<span style="font-size: 10px; color: #666666;">(Please note: May remove existing tables and data)</span></td>		
 			</td>
 		</tr>
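Review bot: The rewritten `table_prefix` input still echoes `$_SESSION['table_prefix']` into the `value` attribute without HTML escaping. Now that save.php can reject a prefix and return the user to this form, the rejected text is presumably what is shown again (where the session value is stored is not visible here), so a value containing a double quote would end the attribute and be parsed as markup. Escape it on output, `echo ' value="'.htmlspecialchars($_SESSION['table_prefix'], ENT_QUOTES).'"';`, and do the same for the `database_name` field in the previous hunk (at -304), which prints `$_SESSION['database_name']` the same way.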
