diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 3537cb5a0b..d2e8fb02ae 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -87,6 +87,8 @@
[Change] Validate birthdays (Bug #15004)
[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)
[Fix] Fix disabling of word censor, now possible again
+ [Fix] Allow single quotes in db password to be stored within config.php in installer
+ [Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)
1.i. Changes since 3.0.RC8
diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php
index d1e36ec4a4..f1544c931a 100644
--- a/phpBB/install/install_convert.php
+++ b/phpBB/install/install_convert.php
@@ -422,8 +422,7 @@ class install_convert extends module
}
else
{
- $src_dbpasswd = htmlspecialchars_decode($src_dbpasswd);
- $connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
+ $connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
}
// The forum prefix of the old and the new forum can only be the same if two different databases are used.
@@ -443,7 +442,7 @@ class install_convert extends module
{
$sql_db = 'dbal_' . $src_dbms;
$src_db = new $sql_db();
- $src_db->sql_connect($src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, false, true);
+ $src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
$same_db = false;
}
else
@@ -666,7 +665,7 @@ class install_convert extends module
}
$sql_db = 'dbal_' . $convert->src_dbms;
$src_db = new $sql_db();
- $src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, $convert->src_dbpasswd, $convert->src_dbname, $convert->src_dbport, false, true);
+ $src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
$same_db = false;
}
else
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 3afdb66e1e..2c4d9a0fda 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -551,7 +551,7 @@ class install_install extends module
}
else
{
- $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']);
+ $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport']);
}
$template->assign_block_vars('checks', array(
@@ -884,17 +884,26 @@ class install_install extends module
// Time to convert the data provided into a config file
$config_data = " $available_dbms[$data['dbms']]['DRIVER'],
+ 'dbhost' => $data['dbhost'],
+ 'dbport' => $data['dbport'],
+ 'dbname' => $data['dbname'],
+ 'dbuser' => $data['dbuser'],
+ 'dbpasswd' => htmlspecialchars_decode($data['dbpasswd']),
+ 'table_prefix' => $data['table_prefix'],
+ 'acm_type' => 'file',
+ 'load_extensions' => $load_extensions,
+ );
+
+ foreach ($config_data_array as $key => $value)
+ {
+ $config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n";
+ }
+ unset($config_data_array);
+
+ $config_data .= "\n@define('PHPBB_INSTALLED', true);\n";
$config_data .= "// @define('DEBUG', true);\n";
$config_data .= "// @define('DEBUG_EXTRA', true);\n";
$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!
@@ -1124,7 +1133,7 @@ class install_install extends module
// Instantiate the database
$db = new $sql_db();
- $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
+ $db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@@ -1408,7 +1417,7 @@ class install_install extends module
// Instantiate the database
$db = new $sql_db();
- $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
+ $db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@@ -1948,7 +1957,7 @@ class install_install extends module
'dbhost' => request_var('dbhost', ''),
'dbport' => request_var('dbport', ''),
'dbuser' => request_var('dbuser', ''),
- 'dbpasswd' => htmlspecialchars_decode(request_var('dbpasswd', '', true)),
+ 'dbpasswd' => request_var('dbpasswd', '', true),
'dbname' => request_var('dbname', ''),
'table_prefix' => request_var('table_prefix', ''),
'default_lang' => basename(request_var('default_lang', '')),