From c65cc1894877c2a6fd3ee8fef1d36bfb4e21487c Mon Sep 17 00:00:00 2001 From: HB9HIL Date: Sun, 10 Mar 2024 11:20:16 +0100 Subject: [PATCH] better approach --- application/config/config.sample.php | 84 +++++++++++++------------- application/config/database.sample.php | 24 ++++---- install/config/config.php | 84 +++++++++++++------------- install/config/database.php | 24 ++++---- install/includes/core_class.php | 5 +- install/index.php | 6 -- 6 files changed, 112 insertions(+), 115 deletions(-) diff --git a/application/config/config.sample.php b/application/config/config.sample.php index 020aa8e25..04f40a5f8 100644 --- a/application/config/config.sample.php +++ b/application/config/config.sample.php @@ -12,9 +12,9 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | 'callbook' Selects which Callbook lookup to use defaults "hamqth" but supports "qrz" */ -$config['app_name'] = "Wavelog"; -$config['directory'] = "logbook"; -$config['callbook'] = "hamqth"; // Options are hamqth or qrz +$config['app_name'] = 'Wavelog'; +$config['directory'] = 'logbook'; +$config['callbook'] = 'hamqth'; // Options are hamqth or qrz $config['datadir'] = null; // default to install directory @@ -28,8 +28,8 @@ $config['datadir'] = null; // default to install directory | 'display_freq' Show or Hide frequnecy info */ -$config['table_name'] = "TABLE_HRD_CONTACTS_V01"; -$config['locator'] = ""; +$config['table_name'] = 'TABLE_HRD_CONTACTS_V01'; +$config['locator'] = ''; $config['display_freq'] = true; /* @@ -42,8 +42,8 @@ $config['display_freq'] = true; | 'use_fullname' Get full names from QRZ, may not be GDPR compliant */ -$config['qrz_username'] = ""; -$config['qrz_password'] = ""; +$config['qrz_username'] = ''; +$config['qrz_password'] = ''; $config['use_fullname'] = false; /* 
@@ -54,8 +54,8 @@ $config['use_fullname'] = false; | 'hamqth_username' HamQTH user login | 'hamqth_password' HamQTH user password */ -$config['hamqth_username'] = ""; -$config['hamqth_password'] = ""; +$config['hamqth_username'] = ''; +$config['hamqth_password'] = ''; /* |-------------------------------------------------------------------------- @@ -70,11 +70,11 @@ $config['hamqth_password'] = ""; */ $config['use_auth'] = true; -$config['auth_table'] = "users"; -$config['auth_mode'] = "3"; +$config['auth_table'] = 'users'; +$config['auth_mode'] = '3'; -$config['auth_level'][3] = "Operator"; -$config['auth_level'][99] = "Administrator"; +$config['auth_level'][3] = 'Operator'; +$config['auth_level'][99] = 'Administrator'; /* |-------------------------------------------------------------------------- @@ -98,7 +98,7 @@ $config['auth_level'][99] = "Administrator"; | a PHP script and you can easily do that on your own. | */ -$config['base_url'] = "http://localhost/logbook"; +$config['base_url'] = 'http://localhost/logbook'; /* |-------------------------------------------------------------------------- @@ -110,7 +110,7 @@ $config['base_url'] = "http://localhost/logbook"; | variable so that it is blank. | */ -$config['index_page'] = "index.php"; +$config['index_page'] = 'index.php'; /* |-------------------------------------------------------------------------- @@ -127,7 +127,7 @@ $config['index_page'] = "index.php"; | | WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! */ -$config['uri_protocol'] = "REQUEST_URI"; +$config['uri_protocol'] = 'REQUEST_URI'; /* |-------------------------------------------------------------------------- @@ -139,7 +139,7 @@ $config['uri_protocol'] = "REQUEST_URI"; | | https://codeigniter.com/user_guide/general/urls.html */ -$config['url_suffix'] = ""; +$config['url_suffix'] = ''; /* |-------------------------------------------------------------------------- 
@@ -151,7 +151,7 @@ $config['url_suffix'] = ""; | than english. | */ -$lang = "english"; // this language will be used per default +$lang = 'english'; // this language will be used per default if (isset($_COOKIE["language"])) { $tmp_value = $_COOKIE["language"]; @@ -218,7 +218,7 @@ $config['cl_multilanguage']=true; | See http://php.net/htmlspecialchars for a list of supported charsets. | */ -$config['charset'] = "UTF-8"; +$config['charset'] = 'UTF-8'; /* |-------------------------------------------------------------------------- @@ -243,7 +243,7 @@ $config['enable_hooks'] = FALSE; | https://codeigniter.com/user_guide/general/creating_libraries.html | */ -$config['subclass_prefix'] = "MY_"; +$config['subclass_prefix'] = 'MY_'; /* |-------------------------------------------------------------------------- @@ -258,7 +258,7 @@ $config['subclass_prefix'] = "MY_"; | Or if you have your vendor/ directory located somewhere else, you | can opt to set a specific path as well: | -| $config['composer_autoload'] = "/path/to/vendor/autoload.php"; +| $config['composer_autoload'] = '/path/to/vendor/autoload.php'; | | For more information about Composer, please visit http://getcomposer.org/ | @@ -287,7 +287,7 @@ $config['composer_autoload'] = FALSE; | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ -$config['permitted_uri_chars'] = "a-z 0-9~%.:_\-"; +$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; /* |-------------------------------------------------------------------------- @@ -312,9 +312,9 @@ $config['permitted_uri_chars'] = "a-z 0-9~%.:_\-"; | */ $config['enable_query_strings'] = FALSE; -$config['controller_trigger'] = "c"; -$config['function_trigger'] = "m"; -$config['directory_trigger'] = "d"; +$config['controller_trigger'] = 'c'; +$config['function_trigger'] = 'm'; +$config['directory_trigger'] = 'd'; /* |-------------------------------------------------------------------------- 
@@ -363,7 +363,7 @@ $config['log_threshold'] = 0; | application/logs/ directory. Use a full server path with trailing slash. | */ -$config['log_path'] = ""; +$config['log_path'] = ''; /* |-------------------------------------------------------------------------- @@ -390,7 +390,7 @@ $config['one_log'] = false; | Note: Leaving it blank will default to 'php'. | */ -$config['log_file_extension'] = ""; +$config['log_file_extension'] = ''; /* |-------------------------------------------------------------------------- @@ -413,7 +413,7 @@ $config['log_file_permissions'] = 0644; | codes to set your own date formatting | */ -$config['log_date_format'] = "Y-m-d H:i:s"; +$config['log_date_format'] = 'Y-m-d H:i:s'; /* |-------------------------------------------------------------------------- @@ -424,7 +424,7 @@ $config['log_date_format'] = "Y-m-d H:i:s"; | application/views/errors/ directory. Use a full server path with trailing slash. | */ -$config['error_views_path'] = ""; +$config['error_views_path'] = ''; /* |-------------------------------------------------------------------------- @@ -435,7 +435,7 @@ $config['error_views_path'] = ""; | application/cache/ directory. Use a full server path with trailing slash. | */ -$config['cache_path'] = ""; +$config['cache_path'] = ''; /* |-------------------------------------------------------------------------- @@ -466,7 +466,7 @@ $config['cache_query_string'] = FALSE; | https://codeigniter.com/user_guide/libraries/encryption.html | */ -$config['encryption_key'] = "flossie1234555541"; +$config['encryption_key'] = 'flossie1234555541'; /* |-------------------------------------------------------------------------- 
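Review bot: `$config['encryption_key'] = 'flossie1234555541';` in the @@ -466 hunk stays a fixed literal, and the identical value is carried into the installer template in install/config/config.php (same hunk there), so every installation produced by install/ ends up sharing one key for the encryption library the comment above it references. Since the installer already fills other values through placeholders, a `%encryption_key%` placeholder (constructed name) written by the installer with `bin2hex(random_bytes(16))` would give each instance its own key; the sample file could keep a visibly fake value with a comment telling the user to replace it. This value predates the commit and the quoting change is fine in itself; the note only applies because the line is being touched.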
@@ -519,10 +519,10 @@ $config['encryption_key'] = "flossie1234555541"; | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | */ -$config['sess_driver'] = "files"; -$config['sess_cookie_name'] = "ci_wavelog"; +$config['sess_driver'] = 'files'; +$config['sess_cookie_name'] = 'ci_wavelog'; $config['sess_expiration'] = 0; -$config['sess_save_path'] = "/tmp"; +$config['sess_save_path'] = '/tmp'; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = FALSE; @@ -542,9 +542,9 @@ $config['sess_regenerate_destroy'] = FALSE; | 'cookie_httponly') will also affect sessions. | */ -$config['cookie_prefix'] = ""; -$config['cookie_domain'] = ""; -$config['cookie_path'] = "/"; +$config['cookie_prefix'] = ''; +$config['cookie_domain'] = ''; +$config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; @@ -591,8 +591,8 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; -$config['csrf_token_name'] = "csrf_test_name"; -$config['csrf_cookie_name'] = "csrf_cookie_name"; +$config['csrf_token_name'] = 'csrf_test_name'; +$config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = TRUE; $config['csrf_exclude_uris'] = array(); @@ -630,7 +630,7 @@ $config['compress_output'] = FALSE; | helper' page of the user guide for information regarding date handling. | */ -$config['time_reference'] = "UTC"; +$config['time_reference'] = 'UTC'; date_default_timezone_set($config['time_reference']); /* @@ -663,7 +663,7 @@ $config['rewrite_short_tags'] = FALSE; | Comma-separated: '10.0.1.200,192.168.5.0/24' | Array: array('10.0.1.200', '192.168.5.0/24') */ -$config['proxy_ips'] = ""; +$config['proxy_ips'] = ''; /* |-------------------------------------------------------------------------- 
@@ -676,4 +676,4 @@ $config['proxy_ips'] = ""; | */ -$config['userdata'] = "userdata"; +$config['userdata'] = 'userdata'; diff --git a/application/config/database.sample.php b/application/config/database.sample.php index e505fce77..29626bdab 100644 --- a/application/config/database.sample.php +++ b/application/config/database.sample.php @@ -70,26 +70,26 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | The $query_builder variables lets you determine whether or not to load | the query builder class. */ -$active_group = "default"; +$active_group = 'default'; $query_builder = TRUE; $db['default'] = array( // The following values will probably need to be changed. - 'dsn' => "", - 'hostname' => "localhost", - 'username' => "root", - 'password' => "", - 'database' => "log", + 'dsn' => '', + 'hostname' => 'localhost', + 'username' => 'root', + 'password' => '', + 'database' => 'log', // The following values can probably stay the same. - 'dbdriver' => "mysqli", - 'dbprefix' => "", + 'dbdriver' => 'mysqli', + 'dbprefix' => '', 'pconnect' => TRUE, 'db_debug' => (ENVIRONMENT !== 'production'), 'cache_on' => FALSE, - 'cachedir' => "", - 'char_set' => "utf8mb4", - 'dbcollat' => "utf8mb4_general_ci", - 'swap_pre' => "", + 'cachedir' => '', + 'char_set' => 'utf8mb4', + 'dbcollat' => 'utf8mb4_general_ci', + 'swap_pre' => '', 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, diff --git a/install/config/config.php b/install/config/config.php index 8399c16cb..0b8751c86 100644 --- a/install/config/config.php +++ b/install/config/config.php 
@@ -12,9 +12,9 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | 'callbook' Selects which Callbook lookup to use defaults "hamqth" but supports "qrz" */ -$config['app_name'] = "Wavelog"; -$config['directory'] = "/%directory%"; -$config['callbook'] = "%callbook%"; // Options are hamqth or qrz +$config['app_name'] = 'Wavelog'; +$config['directory'] = '/%directory%'; +$config['callbook'] = '%callbook%'; // Options are hamqth or qrz $config['datadir'] = null; // default to install directory @@ -28,8 +28,8 @@ $config['datadir'] = null; // default to install directory | 'display_freq' Show or Hide frequnecy info */ -$config['table_name'] = "TABLE_HRD_CONTACTS_V01"; -$config['locator'] = "%baselocator%"; +$config['table_name'] = 'TABLE_HRD_CONTACTS_V01'; +$config['locator'] = '%baselocator%'; $config['display_freq'] = true; /* @@ -42,8 +42,8 @@ $config['display_freq'] = true; | 'use_fullname' Get full names from QRZ, may not be GDPR compliant */ -$config['qrz_username'] = "%qrz_username%"; -$config['qrz_password'] = "%qrz_password%"; +$config['qrz_username'] = '%qrz_username%'; +$config['qrz_password'] = '%qrz_password%'; $config['use_fullname'] = false; /* @@ -54,8 +54,8 @@ $config['use_fullname'] = false; | 'hamqth_username' HamQTH user login | 'hamqth_password' HamQTH user password */ -$config['hamqth_username'] = "%hamqth_username%"; -$config['hamqth_password'] = "%hamqth_password%"; +$config['hamqth_username'] = '%hamqth_username%'; +$config['hamqth_password'] = '%hamqth_password%'; /* |-------------------------------------------------------------------------- 
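Review bot: The install template now places `%qrz_password%`, `%hamqth_password%`, `%websiteurl%`, `%baselocator%`, `%directory%` and `%callbook%` (the four hunks on this line) inside single-quoted PHP literals, but this commit only adds quote escaping for the database password in install/includes/core_class.php. The code that substitutes these config.php placeholders is not in the diff, so presumably those values are still inserted raw; a `'` or `\` in a callbook password would then end the literal in the generated config.php, leaving it broken or letting the value escape the string. Whatever routine fills these placeholders should apply the same `addcslashes($value, "'\\")` treatment before substitution rather than relying on the browser-side input checks in install/index.php.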
@@ -70,11 +70,11 @@ $config['hamqth_password'] = "%hamqth_password%"; */ $config['use_auth'] = true; -$config['auth_table'] = "users"; -$config['auth_mode'] = "3"; +$config['auth_table'] = 'users'; +$config['auth_mode'] = '3'; -$config['auth_level'][3] = "Operator"; -$config['auth_level'][99] = "Administrator"; +$config['auth_level'][3] = 'Operator'; +$config['auth_level'][99] = 'Administrator'; /* |-------------------------------------------------------------------------- @@ -98,7 +98,7 @@ $config['auth_level'][99] = "Administrator"; | a PHP script and you can easily do that on your own. | */ -$config['base_url'] = "%websiteurl%"; +$config['base_url'] = '%websiteurl%'; /* |-------------------------------------------------------------------------- @@ -110,7 +110,7 @@ $config['base_url'] = "%websiteurl%"; | variable so that it is blank. | */ -$config['index_page'] = "index.php"; +$config['index_page'] = 'index.php'; /* |-------------------------------------------------------------------------- @@ -127,7 +127,7 @@ $config['index_page'] = "index.php"; | | WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! */ -$config['uri_protocol'] = "REQUEST_URI"; +$config['uri_protocol'] = 'REQUEST_URI'; /* |-------------------------------------------------------------------------- @@ -139,7 +139,7 @@ $config['uri_protocol'] = "REQUEST_URI"; | | https://codeigniter.com/user_guide/general/urls.html */ -$config['url_suffix'] = ""; +$config['url_suffix'] = ''; /* |-------------------------------------------------------------------------- @@ -151,7 +151,7 @@ $config['url_suffix'] = ""; | than english. | */ -$lang = "english"; // this language will be used per default +$lang = 'english'; // this language will be used per default if (isset($_COOKIE["language"])) { $tmp_value = $_COOKIE["language"]; 
@@ -218,7 +218,7 @@ $config['cl_multilanguage']=true; | See http://php.net/htmlspecialchars for a list of supported charsets. | */ -$config['charset'] = "UTF-8"; +$config['charset'] = 'UTF-8'; /* |-------------------------------------------------------------------------- @@ -243,7 +243,7 @@ $config['enable_hooks'] = FALSE; | https://codeigniter.com/user_guide/general/creating_libraries.html | */ -$config['subclass_prefix'] = "MY_"; +$config['subclass_prefix'] = 'MY_'; /* |-------------------------------------------------------------------------- @@ -258,7 +258,7 @@ $config['subclass_prefix'] = "MY_"; | Or if you have your vendor/ directory located somewhere else, you | can opt to set a specific path as well: | -| $config['composer_autoload'] = "/path/to/vendor/autoload.php"; +| $config['composer_autoload'] = '/path/to/vendor/autoload.php'; | | For more information about Composer, please visit http://getcomposer.org/ | @@ -287,7 +287,7 @@ $config['composer_autoload'] = FALSE; | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ -$config['permitted_uri_chars'] = "a-z 0-9~%.:_\-"; +$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; /* |-------------------------------------------------------------------------- @@ -312,9 +312,9 @@ $config['permitted_uri_chars'] = "a-z 0-9~%.:_\-"; | */ $config['enable_query_strings'] = FALSE; -$config['controller_trigger'] = "c"; -$config['function_trigger'] = "m"; -$config['directory_trigger'] = "d"; +$config['controller_trigger'] = 'c'; +$config['function_trigger'] = 'm'; +$config['directory_trigger'] = 'd'; /* |-------------------------------------------------------------------------- @@ -363,7 +363,7 @@ $config['log_threshold'] = 0; | application/logs/ directory. Use a full server path with trailing slash. | */ -$config['log_path'] = ""; +$config['log_path'] = ''; /* |-------------------------------------------------------------------------- 
@@ -390,7 +390,7 @@ $config['one_log'] = false; | Note: Leaving it blank will default to 'php'. | */ -$config['log_file_extension'] = ""; +$config['log_file_extension'] = ''; /* |-------------------------------------------------------------------------- @@ -413,7 +413,7 @@ $config['log_file_permissions'] = 0644; | codes to set your own date formatting | */ -$config['log_date_format'] = "Y-m-d H:i:s"; +$config['log_date_format'] = 'Y-m-d H:i:s'; /* |-------------------------------------------------------------------------- @@ -424,7 +424,7 @@ $config['log_date_format'] = "Y-m-d H:i:s"; | application/views/errors/ directory. Use a full server path with trailing slash. | */ -$config['error_views_path'] = ""; +$config['error_views_path'] = ''; /* |-------------------------------------------------------------------------- @@ -435,7 +435,7 @@ $config['error_views_path'] = ""; | application/cache/ directory. Use a full server path with trailing slash. | */ -$config['cache_path'] = ""; +$config['cache_path'] = ''; /* |-------------------------------------------------------------------------- @@ -466,7 +466,7 @@ $config['cache_query_string'] = FALSE; | https://codeigniter.com/user_guide/libraries/encryption.html | */ -$config['encryption_key'] = "flossie1234555541"; +$config['encryption_key'] = 'flossie1234555541'; /* |-------------------------------------------------------------------------- @@ -519,10 +519,10 @@ $config['encryption_key'] = "flossie1234555541"; | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | */ -$config['sess_driver'] = "files"; -$config['sess_cookie_name'] = "ci_wavelog"; +$config['sess_driver'] = 'files'; +$config['sess_cookie_name'] = 'ci_wavelog'; $config['sess_expiration'] = 0; -$config['sess_save_path'] = "/tmp"; +$config['sess_save_path'] = '/tmp'; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = FALSE; 
@@ -542,9 +542,9 @@ $config['sess_regenerate_destroy'] = FALSE; | 'cookie_httponly') will also affect sessions. | */ -$config['cookie_prefix'] = ""; -$config['cookie_domain'] = ""; -$config['cookie_path'] = "/"; +$config['cookie_prefix'] = ''; +$config['cookie_domain'] = ''; +$config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; @@ -591,8 +591,8 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; -$config['csrf_token_name'] = "csrf_test_name"; -$config['csrf_cookie_name'] = "csrf_cookie_name"; +$config['csrf_token_name'] = 'csrf_test_name'; +$config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = TRUE; $config['csrf_exclude_uris'] = array(); @@ -630,7 +630,7 @@ $config['compress_output'] = FALSE; | helper' page of the user guide for information regarding date handling. | */ -$config['time_reference'] = "UTC"; +$config['time_reference'] = 'UTC'; date_default_timezone_set($config['time_reference']); /* @@ -663,7 +663,7 @@ $config['rewrite_short_tags'] = FALSE; | Comma-separated: '10.0.1.200,192.168.5.0/24' | Array: array('10.0.1.200', '192.168.5.0/24') */ -$config['proxy_ips'] = ""; +$config['proxy_ips'] = ''; /* |-------------------------------------------------------------------------- @@ -676,4 +676,4 @@ $config['proxy_ips'] = ""; | */ -$config['userdata'] = "userdata"; +$config['userdata'] = 'userdata'; diff --git a/install/config/database.php b/install/config/database.php index 9f43e4cbb..51fb34146 100644 --- a/install/config/database.php +++ b/install/config/database.php 
@@ -70,26 +70,26 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 | The $query_builder variables lets you determine whether or not to load
 | the query builder class.
 */
-$active_group = "default";
+$active_group = 'default';
 $query_builder = TRUE;
 
 $db['default'] = array(
 // The following values will probably need to be changed.
- 'dsn' => "",
- 'hostname' => "%HOSTNAME%",
- 'username' => "%USERNAME%",
- 'password' => "%PASSWORD%",
- 'database' => "%DATABASE%",
+ 'dsn' => '',
+ 'hostname' => '%HOSTNAME%',
+ 'username' => '%USERNAME%',
+ 'password' => '%PASSWORD%',
+ 'database' => '%DATABASE%',
 // The following values can probably stay the same.
- 'dbdriver' => "mysqli",
- 'dbprefix' => "",
+ 'dbdriver' => 'mysqli',
+ 'dbprefix' => '',
 'pconnect' => TRUE,
 'db_debug' => (ENVIRONMENT !== 'production'),
 'cache_on' => FALSE,
- 'cachedir' => "",
- 'char_set' => "utf8mb4",
- 'dbcollat' => "utf8mb4_general_ci",
- 'swap_pre' => "",
+ 'cachedir' => '',
+ 'char_set' => 'utf8mb4',
+ 'dbcollat' => 'utf8mb4_general_ci',
+ 'swap_pre' => '',
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
diff --git a/install/includes/core_class.php b/install/includes/core_class.php
index f35f8ba17..6be516742 100644
--- a/install/includes/core_class.php
+++ b/install/includes/core_class.php
@@ -117,9 +117,12 @@ class Core
 // Open the file
 $database_file = file_get_contents($template_path);
 
+ // Sanitize DB Password from single quotes
+ $sanitized_db_pwd = preg_replace("/\'/i",'\\\'',$data['db_password']);
+
 $new = str_replace("%HOSTNAME%", $data['db_hostname'], $database_file);
 $new = str_replace("%USERNAME%", $data['db_username'], $new);
-$new = str_replace("%PASSWORD%", $data['db_password'], $new);
+$new = str_replace("%PASSWORD%", $sanitized_db_pwd, $new);
 $new = str_replace("%DATABASE%", $data['db_name'], $new);
 
 // Write the new database.php file
diff --git a/install/index.php b/install/index.php
index 17ceaa5a2..cfceb6fdf 100644
--- a/install/index.php
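Review bot: The new `$sanitized_db_pwd` escaping in the core_class.php hunk handles the single quote but not the backslash, and `db_hostname`, `db_username` and `db_name` are still written raw into the single-quoted literals of the generated database.php, so any of the four values can still terminate the literal (a password ending in `\` leaves the file syntactically broken, and one containing `\'` turns into `\\'`, which closes the string early). The only backslash rejection left after this commit is the JavaScript check in the install/index.php hunk that follows, which runs in the browser and is not a server-side guarantee, so the file writer has to be the authoritative check. `addcslashes($value, "'\\")` escapes exactly the two characters that matter inside a single-quoted PHP string, makes the unneeded `/i` modifier go away, and unlike `preg_replace` cannot hand back `null` on a PCRE error; applying it to all four placeholders replaces the one-off `$sanitized_db_pwd` line. The enclosing method starts and ends outside the hunk.
```php
// … unchanged: file_get_contents($template_path) …

// Escape the only two characters that can end a single-quoted PHP literal
// ('\'' and '\\'); done here so the installer does not depend on the
// browser-side checks in install/index.php.
$new = str_replace("%HOSTNAME%", addcslashes($data['db_hostname'], "'\\"), $database_file);
$new = str_replace("%USERNAME%", addcslashes($data['db_username'], "'\\"), $new);
$new = str_replace("%PASSWORD%", addcslashes($data['db_password'], "'\\"), $new);
$new = str_replace("%DATABASE%", addcslashes($data['db_name'], "'\\"), $new);

// … unchanged: write the new database.php file …
```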
+++ b/install/index.php @@ -1108,12 +1108,6 @@ global $wavelog_url; return; } - if (db_hostname.includes('"') || db_username.includes('"') || db_password.includes('"') || db_name.includes('"')) { - $('#db_connection_testresult').addClass('alert-danger'); - $('#db_connection_testresult').html('Error: Input cannot contain double quotes (").'); - return; - } - if (db_hostname.includes('\\') || db_username.includes('\\') || db_password.includes('\\') || db_name.includes('\\')) { $('#db_connection_testresult').addClass('alert-danger'); $('#db_connection_testresult').html('Error: Input cannot contain a backslash (\\).');