CMS MADE SIMPLE FORGE

CMS Made Simple Core

 
Back Back to List

[#12437] Installer won't allow "<" symbol in database password

avatar
Created By: Matt Hornsby (DIGI3) (DIGI3)
Date Submitted: Fri Apr 09 15:57:15 -0400 2021

Assigned To:
Version: 2.2.15
CMSMS Version: 2.2.15
Severity: Minor
Resolution: Fixed
State: Open
Summary:
Installer won't allow "<" symbol in database password
Detailed Description:
Installer won't allow "<" symbol in database password, gives invalid credentials
error message.


History

Comments
avatar 
Date: 2021-04-10 04:22
Posted By: Ruud van der Velden (ruudvdvelden)

phar_installer\app\wizard\class.wizard_step4.php: line 131
$this->_config['dbpass'] =
trim(\__appbase\utils::clean_string($_POST['dbpass']));


phar_installer\lib\classes\base\class.utils.php: line 69

    public static function clean_string($val)
    {
        if( !$val ) return $val;
        $val = (string) $val;
        $val = preg_replace("/\\\$/", "$", $val);
        $val = preg_replace("/\r/", "", $val);
        $val = str_replace("!", "!", $val);
        $val = str_replace("'", "'", $val);
        return strip_tags($val);
    }

strip_tags is the culprit here.
Example:

php > echo strip_tags('rando<m string');
rando
php >
avatar 
Date: 2021-06-12 05:07
Posted By: Ruud van der Velden (ruudvdvelden)

Fixed in svn for 2.2.16. Installer won't touch the password from input anymore.
Updates

Updated: 2021-06-12 12:07
resolution_id: 5 => 7
severity_id: 12 => 3

Updated: 2021-04-10 04:22
resolution_id: => 5