CMS MADE SIMPLE FORGE

CMS Made Simple Core

 
Back Back to List

[#8424] database password ending with \

avatar
Created By: Tomáš Havlas (tomas.havlas)
Date Submitted: Fri Sep 21 15:57:13 -0400 2012

Assigned To:
Version: 1.11.2
CMSMS Version: None
Severity: Trivial
Resolution: Fixed
State: Closed
Summary:
database password ending with \
Detailed Description:
Hello,

today I have found out that if password for database connection ends with \, cms
becomes unusable, because \ escapes ' inside config.php. There is not much
chance that someone will use password like this, but for instance if you have
automatically generated passwords (like me), there is some chance that it could
happen. I think there should be at least some warning, or just one simple chcek
if the password doesnt ends with  \.


History

Comments
avatar 
Date: 2012-11-01 11:18
Posted By: Robert Campbell (calguy1000)

There's no simple, or real way we can detect this.....   $config['something'] =
'foo\';  is a php syntax error.  There's no way we can 'check' for this in php.
avatar 
Date: 2012-11-01 11:33
Posted By: Tomáš Havlas (tomas.havlas)

Oh, yeah I'm aware of this, I meant some check in installation script where you
are asked for a password. I have meant there should be some check which will
disallow setting password ending with \, and maybe password containing ' should
be avoided too.
avatar 
Date: 2014-04-05 22:55
Posted By: Robert Campbell (calguy1000)

Fixed for 2.0
avatar 
Date: 2015-09-06 12:54
Posted By: Rolf (rolf1)

CMS Made Simple 2.0 is released
Updates

Updated: 2015-09-06 12:54
state: Open => Closed

Updated: 2014-04-05 22:55
resolution_id: 9 => 7
cmsms_version_id: 29778 => -1

Updated: 2012-11-01 11:18
resolution_id: => 9