diff options
| -rw-r--r-- | installer/database_config.php | 2 | ||||
| -rw-r--r-- | installer/installer.php | 2 | ||||
| -rw-r--r-- | installer/web.php | 7 | ||||
| -rw-r--r-- | modules/gallery/libraries/MY_Database.php | 4 |
4 files changed, 11 insertions, 4 deletions
diff --git a/installer/database_config.php b/installer/database_config.php index a5dc8865..fb7dd112 100644 --- a/installer/database_config.php +++ b/installer/database_config.php @@ -31,7 +31,7 @@ $config['default'] = array( 'connection' => array( 'type' => '<?php print $type ?>', 'user' => '<?php print $user ?>', - 'pass' => '<?php print str_replace("'", "\\'", $password) ?>', + 'pass' => '<?php print $password ?>', 'host' => '<?php print $host ?>', 'port' => <?php if (!empty($port)): ?>'<?php print $port ?>' <?php else: ?>false<?php endif ?>, 'socket' => false, diff --git a/installer/installer.php b/installer/installer.php index decc5629..339a02fd 100644 --- a/installer/installer.php +++ b/installer/installer.php @@ -183,7 +183,7 @@ class installer { } static function prepend_prefix($prefix, $sql) { - return preg_replace("#{([a-zA-Z0-9_]+)}#", "{$prefix}$1", $sql); + return preg_replace("#{([a-zA-Z0-9_]+)}#", "`{$prefix}$1`", $sql); } static function check_environment() { diff --git a/installer/web.php b/installer/web.php index 6102f0e0..12f42d02 100644 --- a/installer/web.php +++ b/installer/web.php @@ -39,6 +39,13 @@ if (installer::already_installed()) { "prefix" => $_POST["prefix"], "type" => function_exists("mysqli_set_charset") ? "mysqli" : "mysql"); list ($config["host"], $config["port"]) = explode(":", $config["host"] . ":"); + foreach ($config as $k => $v) { + if ($k == "password") { + $config[$k] = str_replace("'", "\\'", $v); + } else { + $config[$k] = strtr($v, "'`", "__"); + } + } if (!installer::connect($config)) { $content = render("invalid_db_info.html.php"); diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php index f3cace4d..fb54bfcd 100644 --- a/modules/gallery/libraries/MY_Database.php +++ b/modules/gallery/libraries/MY_Database.php @@ -65,14 +65,14 @@ abstract class Database extends Database_Core { $open_brace = strpos($sql, "TO {") + 4; $close_brace = strpos($sql, "}", $open_brace); $name = substr($sql, $open_brace, $close_brace - $open_brace); - $this->_table_names["{{$name}}"] = "{$prefix}$name"; + $this->_table_names["{{$name}}"] = "`{$prefix}$name`"; } if (!isset($this->_table_names)) { // This should only run once on the first query $this->_table_names = array(); foreach($this->list_tables() as $table_name) { - $this->_table_names["{{$table_name}}"] = $prefix . $table_name; + $this->_table_names["{{$table_name}}"] = "`{$prefix}{$table_name}`"; } } |