diff options
| author | Brion Vibber <brion@pobox.com> | 2010-10-14 16:52:01 -0700 |
|---|---|---|
| committer | Brion Vibber <brion@pobox.com> | 2010-10-14 16:52:01 -0700 |
| commit | a2090ecc97f93894ba6f833acde5f44058988510 (patch) | |
| tree | 1dd53067dbf2b90331c681882e2c184a308994c3 | |
| parent | fc6711327bcb2319139171ad3353603753f13eaa (diff) | |
| parent | 56403c4beb939b71bf4412746eeaf6419afd7fea (diff) | |
Merge branch '2828' into 0.9.x
| -rw-r--r-- | install.php | 83 | ||||
| -rw-r--r-- | lib/installer.php | 42 |
2 files changed, 101 insertions, 24 deletions
diff --git a/install.php b/install.php index 158d51fa3..9b0d19882 100644 --- a/install.php +++ b/install.php @@ -45,13 +45,61 @@ require INSTALLDIR . '/lib/installer.php'; * Helper class for building form */ class Posted { + /** + * HTML-friendly escaped string for the POST param of given name, or empty. + * @param string $name + * @return string + */ function value($name) { + return htmlspecialchars($this->string($name)); + } + + /** + * The given POST parameter value, forced to a string. + * Missing value will give ''. + * + * @param string $name + * @return string + */ + function string($name) + { + return strval($this->raw($name)); + } + + /** + * The given POST parameter value, in its original form. + * Magic quotes are stripped, if provided. + * Missing value will give null. + * + * @param string $name + * @return mixed + */ + function raw($name) + { if (isset($_POST[$name])) { - return htmlspecialchars(strval($_POST[$name])); + return $this->dequote($_POST[$name]); } else { - return ''; + return null; + } + } + + /** + * If necessary, strip magic quotes from the given value. + * + * @param mixed $val + * @return mixed + */ + function dequote($val) + { + if (get_magic_quotes_gpc()) { + if (is_string($val)) { + return stripslashes($val); + } else if (is_array($val)) { + return array_map(array($this, 'dequote'), $val); + } } + return $val; } } @@ -107,11 +155,7 @@ class WebInstaller extends Installer global $dbModules; $post = new Posted(); $dbRadios = ''; - if (isset($_POST['dbtype'])) { - $dbtype = $_POST['dbtype']; - } else { - $dbtype = null; - } + $dbtype = $post->raw('dbtype'); foreach (self::$dbModules as $type => $info) { if ($this->checkExtension($info['check_module'])) { if ($dbtype == null || $dbtype == $type) { @@ -245,19 +289,20 @@ STR; */ function prepare() { - $this->host = $_POST['host']; - $this->dbtype = $_POST['dbtype']; - $this->database = $_POST['database']; - $this->username = $_POST['dbusername']; - $this->password = $_POST['dbpassword']; - $this->sitename = $_POST['sitename']; - $this->fancy = !empty($_POST['fancy']); + $post = new Posted(); + $this->host = $post->string('host'); + $this->dbtype = $post->string('dbtype'); + $this->database = $post->string('database'); + $this->username = $post->string('dbusername'); + $this->password = $post->string('dbpassword'); + $this->sitename = $post->string('sitename'); + $this->fancy = (bool)$post->string('fancy'); - $this->adminNick = strtolower($_POST['admin_nickname']); - $this->adminPass = $_POST['admin_password']; - $adminPass2 = $_POST['admin_password2']; - $this->adminEmail = $_POST['admin_email']; - $this->adminUpdates = $_POST['admin_updates']; + $this->adminNick = strtolower($post->string('admin_nickname')); + $this->adminPass = $post->string('admin_password'); + $adminPass2 = $post->string('admin_password2'); + $this->adminEmail = $post->string('admin_email'); + $this->adminUpdates = $post->string('admin_updates'); $this->server = $_SERVER['HTTP_HOST']; $this->path = substr(dirname($_SERVER['PHP_SELF']), 1); diff --git a/lib/installer.php b/lib/installer.php index c046eadea..a9d809011 100644 --- a/lib/installer.php +++ b/lib/installer.php @@ -392,6 +392,30 @@ abstract class Installer } /** + * Return a parseable PHP literal for the given value. + * This will include quotes for strings, etc. + * + * @param mixed $val + * @return string + */ + function phpVal($val) + { + return var_export($val, true); + } + + /** + * Return an array of parseable PHP literal for the given values. + * These will include quotes for strings, etc. + * + * @param mixed $val + * @return array + */ + function phpVals($map) + { + return array_map(array($this, 'phpVal'), $map); + } + + /** * Write a stock configuration file. * * @return boolean success @@ -400,24 +424,32 @@ abstract class Installer */ function writeConf() { + $vals = $this->phpVals(array( + 'sitename' => $this->sitename, + 'server' => $this->server, + 'path' => $this->path, + 'db_database' => $this->db['database'], + 'db_type' => $this->db['type'], + )); + // assemble configuration file in a string $cfg = "<?php\n". "if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }\n\n". // site name - "\$config['site']['name'] = '{$this->sitename}';\n\n". + "\$config['site']['name'] = {$vals['sitename']};\n\n". // site location - "\$config['site']['server'] = '{$this->server}';\n". - "\$config['site']['path'] = '{$this->path}'; \n\n". + "\$config['site']['server'] = {$vals['server']};\n". + "\$config['site']['path'] = {$vals['path']}; \n\n". // checks if fancy URLs are enabled ($this->fancy ? "\$config['site']['fancy'] = true;\n\n":''). // database - "\$config['db']['database'] = '{$this->db['database']}';\n\n". + "\$config['db']['database'] = {$vals['db_database']};\n\n". ($this->db['type'] == 'pgsql' ? "\$config['db']['quote_identifiers'] = true;\n\n":''). - "\$config['db']['type'] = '{$this->db['type']}';\n\n"; + "\$config['db']['type'] = {$vals['db_type']};\n\n"; // Normalize line endings for Windows servers $cfg = str_replace("\n", PHP_EOL, $cfg); |