From 064038a24fe10c63328a3b9f679a8a7fd80f6b0e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 1 Sep 2009 21:12:42 -0700 Subject: Escape backslashes (\) in the $salt in create_admin() as they will interfere with our hand rolled UPDATE statement. Big thanks to paulepanter.
---
 installer/installer.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'installer/installer.php')
diff --git a/installer/installer.php b/installer/installer.php
index 7173a7ee..7fed25c7 100644
--- a/installer/installer.php
+++ b/installer/installer.php
@@ -127,7 +127,8 @@ class installer {
 $salt .= chr($char);
 }
 $password = substr(md5(time() * rand()), 0, 6);
- $hashed_password = $salt . md5($salt . $password);
+ // Escape backslash in preparation for our UPDATE statement.
+ $hashed_password = str_replace("\\", "\\\\", $salt . md5($salt . $password));
 $sql = self::prepend_prefix($config["prefix"], "UPDATE {users} SET `password` = '$hashed_password' WHERE `id` = 2");
 if (mysql_query($sql)) {
-- cgit v1.2.3
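Review bot: The added `str_replace` line escapes only the backslash, so the UPDATE statement is still built by interpolating a hand-escaped value into a quoted SQL literal, and any other byte that is special inside the quotes (a single quote, a NUL) would still break or alter the statement. The loop that fills `$salt` starts outside this hunk, so whether such bytes can occur is not visible here. The driver's own escaping covers all of them without having to reason about the salt's range: `$hashed_password = mysql_real_escape_string($salt . md5($salt . $password));`, assuming the connection that `mysql_query()` uses is already open at this point. The variable `$hashed_password` now also holds the SQL-escaped form rather than the value that ends up stored, so any later use of it in create_admin() (the body continues past the hunk) would see doubled backslashes. Escaping into a separate variable that is used only in `$sql` avoids that.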