Bugfix: Ensure confidentiality of database password.

Reported by Michael Schiessl

app/install/install_manual.php

@@ -50,23 +50,24 @@
 		<pre>
 <?php
 
-$esc_user = addcslashes($db['user'],"'");
-$esc_pass = addcslashes($db['pass'],"'");
-$webhost  = is_string($db['webhost']) && strlen($db['webhost']) ? addcslashes($db['webhost'],"'") : 'localhost';
+$esc_user = escape_input($db['user']);
+$esc_pass = escape_input(_("<YOUR SECRET PASSWORD FROM config.php>"));
+$esc_webhost = is_string($db['webhost']) && strlen($db['webhost']) ? escape_input($db['webhost']) : 'localhost';
+$db_name  = escape_input($db['name']);
 
 $file  = "# Create phpipam database\n";
 $file .= "# ------------------------------------------------------------\n";
-$file .= "CREATE DATABASE $db[name];\n\n";
+$file .= "CREATE DATABASE $db_name;\n\n";
 
 $file .= "# Set permissions for phpipam user\n";
 $file .= "# ------------------------------------------------------------\n";
-$file .= "CREATE USER '$esc_user'@'$webhost' IDENTIFIED BY '$esc_pass';\n";
-$file .= "GRANT ALL ON $db[name].* TO '$esc_user'@'$webhost';\n";
+$file .= "CREATE USER '$esc_user'@'$esc_webhost' IDENTIFIED BY '$esc_pass';\n";
+$file .= "GRANT ALL ON $db_name.* TO '$esc_user'@'$esc_webhost';\n";
 $file .= "FLUSH PRIVILEGES;\n\n";
 
 $file .= "# Select created database\n";
 $file .= "# ------------------------------------------------------------\n";
-$file .= "USE `$db[name]`;\n\n\n";
+$file .= "USE `$db_name`;\n\n\n";
 
 $file .= "# Create tables and import data\n";
 $file .= "# ------------------------------------------------------------\n\n\n\n";

app/install/install_mysqlimport.php

@@ -27,12 +27,12 @@
 				</li>
 
 				<li><?php print _("Create database"); ?>
-					<pre>CREATE DATABASE `<?php print $db['name']; ?>`;
+					<pre>CREATE DATABASE `<?php print escape_input($db['name']); ?>`;
 exit</pre>
 				</li>
 
 				<li><?php print _("Import SQL file"); ?>
-					<pre>mysql -u root -p <?php print $db['name']; ?> &lt; db/<?php print $filename;?>.sql</pre>
+					<pre>mysql -u root -p <?php print escape_input($db['name']); ?> &lt; db/<?php print $filename;?>.sql</pre>
 				</li>
 
 				<?php
@@ -50,13 +50,15 @@
 
 				<li><?php print _("Set permissions for phpipam user"); ?>
 				<pre><?php
-					$esc_user = addcslashes($db['user'],"'");
-					$esc_pass = addcslashes($db['pass'],"'");
-					$db_name  = $db['name'];
-					$webhost  = is_string($db['webhost']) && strlen($db['webhost']) > 0 ? addcslashes($db['webhost'],"'") : 'localhost';
+					$esc_user = escape_input($db['user']);
+					$esc_pass = escape_input(_("<YOUR SECRET PASSWORD FROM config.php>"));
+					$esc_webhost = is_string($db['webhost']) && strlen($db['webhost']) ? escape_input($db['webhost']) : 'localhost';
+					$db_name  = escape_input($db['name']);
 
-					print "CREATE USER '$esc_user'@'$webhost' IDENTIFIED BY '$esc_pass'; <br>";
-					print "GRANT ALL ON `$db_name`.* TO '$esc_user'@'$webhost'; <br>";
+					print "# Set permissions for phpipam user <br>";
+					print "# ------------------------------------------------------------ <br>";
+					print "CREATE USER '$esc_user'@'$esc_webhost' IDENTIFIED BY '$esc_pass'; <br>";
+					print "GRANT ALL ON $db_name.* TO '$esc_user'@'$esc_webhost'; <br>";
 					print "FLUSH PRIVILEGES; <br>";
 				?></pre>
 				</li>

misc/CHANGELOG

@@ -6,6 +6,7 @@
     + XSS (reflected) by invalid email address response;
     + XSS and LDAP injection in ad-search-result.php;
     + Restrict find_full_subnets.php to CLI;
+    + Ensure confidentiality of database password;
 
 == 1.5.0