mirror of
https://github.com/nextcloud/server.git
synced 2026-04-29 18:11:41 -04:00
Escape strings for DB and User creation at setup. Fix oc-124
This commit is contained in:
Brice Maron
parent
2c264f836c
commit
4a89eb77c1
1 changed files with 7 additions and 3 deletions
|
|
@ -271,19 +271,23 @@ class OC_Setup {
|
|||
|
||||
public static function pg_createDatabase($name,$user,$connection) {
|
||||
//we cant use OC_BD functions here because we need to connect as the administrative user.
|
||||
$query = "CREATE DATABASE $name OWNER $user";
|
||||
$e_name = pg_escape_string($name);
|
||||
$e_user = pg_escape_string($user);
|
||||
$query = "CREATE DATABASE \"$e_name\" OWNER \"$e_user\"";
|
||||
$result = pg_query($connection, $query);
|
||||
if(!$result) {
|
||||
$entry='DB Error: "'.pg_last_error($connection).'"<br />';
|
||||
$entry.='Offending command was: '.$query.'<br />';
|
||||
echo($entry);
|
||||
}
|
||||
$query = "REVOKE ALL PRIVILEGES ON DATABASE $name FROM PUBLIC";
|
||||
$query = "REVOKE ALL PRIVILEGES ON DATABASE \"$e_name\" FROM PUBLIC";
|
||||
$result = pg_query($connection, $query);
|
||||
}
|
||||
|
||||
private static function pg_createDBUser($name,$password,$connection) {
|
||||
$query = "CREATE USER $name CREATEDB PASSWORD '$password';";
|
||||
$e_name = pg_escape_string($name);
|
||||
$e_password = pg_escape_string($password);
|
||||
$query = "CREATE USER \"$e_name\" CREATEDB PASSWORD '$e_password';";
|
||||
$result = pg_query($connection, $query);
|
||||
if(!$result) {
|
||||
$entry='DB Error: "'.pg_last_error($connection).'"<br />';
|
||||
|
|
|
|||
Loading…
Reference in a new issue