X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=install.php;h=9b0d19882cf5e4f3e4af9507230490eef9ca6f31;hb=1fdc72f5956f00c736f7761aead4abd8da192eda;hp=08555d19b9515ea2773a774e3403a0287e74fbdd;hpb=dd7b95c2cffe7e33f32d841ed8950e09b44b853d;p=quix0rs-gnu-social.git diff --git a/install.php b/install.php index 08555d19b9..9b0d19882c 100644 --- a/install.php +++ b/install.php @@ -31,6 +31,7 @@ * @author Sarven Capadisli * @author Tom Adams * @author Zach Copley + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license GNU Affero General Public License http://www.gnu.org/licenses/ * @version 0.9.x * @link http://status.net @@ -44,13 +45,61 @@ require INSTALLDIR . '/lib/installer.php'; * Helper class for building form */ class Posted { + /** + * HTML-friendly escaped string for the POST param of given name, or empty. + * @param string $name + * @return string + */ function value($name) + { + return htmlspecialchars($this->string($name)); + } + + /** + * The given POST parameter value, forced to a string. + * Missing value will give ''. + * + * @param string $name + * @return string + */ + function string($name) + { + return strval($this->raw($name)); + } + + /** + * The given POST parameter value, in its original form. + * Magic quotes are stripped, if provided. + * Missing value will give null. + * + * @param string $name + * @return mixed + */ + function raw($name) { if (isset($_POST[$name])) { - return htmlspecialchars(strval($_POST[$name])); + return $this->dequote($_POST[$name]); } else { - return ''; + return null; + } + } + + /** + * If necessary, strip magic quotes from the given value. + * + * @param mixed $val + * @return mixed + */ + function dequote($val) + { + if (get_magic_quotes_gpc()) { + if (is_string($val)) { + return stripslashes($val); + } else if (is_array($val)) { + return array_map(array($this, 'dequote'), $val); + } } + return $val; } } @@ -106,11 +155,7 @@ class WebInstaller extends Installer global $dbModules; $post = new Posted(); $dbRadios = ''; - if (isset($_POST['dbtype'])) { - $dbtype = $_POST['dbtype']; - } else { - $dbtype = null; - } + $dbtype = $post->raw('dbtype'); foreach (self::$dbModules as $type => $info) { if ($this->checkExtension($info['check_module'])) { if ($dbtype == null || $dbtype == $type) { @@ -244,19 +289,20 @@ STR; */ function prepare() { - $this->host = $_POST['host']; - $this->dbtype = $_POST['dbtype']; - $this->database = $_POST['database']; - $this->username = $_POST['dbusername']; - $this->password = $_POST['dbpassword']; - $this->sitename = $_POST['sitename']; - $this->fancy = !empty($_POST['fancy']); + $post = new Posted(); + $this->host = $post->string('host'); + $this->dbtype = $post->string('dbtype'); + $this->database = $post->string('database'); + $this->username = $post->string('dbusername'); + $this->password = $post->string('dbpassword'); + $this->sitename = $post->string('sitename'); + $this->fancy = (bool)$post->string('fancy'); - $this->adminNick = strtolower($_POST['admin_nickname']); - $this->adminPass = $_POST['admin_password']; - $adminPass2 = $_POST['admin_password2']; - $this->adminEmail = $_POST['admin_email']; - $this->adminUpdates = $_POST['admin_updates']; + $this->adminNick = strtolower($post->string('admin_nickname')); + $this->adminPass = $post->string('admin_password'); + $adminPass2 = $post->string('admin_password2'); + $this->adminEmail = $post->string('admin_email'); + $this->adminUpdates = $post->string('admin_updates'); $this->server = $_SERVER['HTTP_HOST']; $this->path = substr(dirname($_SERVER['PHP_SELF']), 1);