diff --git a/application/config/config.sample.php b/application/config/config.sample.php index 603cac21c..020aa8e25 100644 --- a/application/config/config.sample.php +++ b/application/config/config.sample.php @@ -98,7 +98,7 @@ $config['auth_level'][99] = "Administrator"; | a PHP script and you can easily do that on your own. | */ -$config['base_url'] = 'http://localhost/logbook'; +$config['base_url'] = "http://localhost/logbook"; /* |-------------------------------------------------------------------------- @@ -110,7 +110,7 @@ $config['base_url'] = 'http://localhost/logbook'; | variable so that it is blank. | */ -$config['index_page'] = 'index.php'; +$config['index_page'] = "index.php"; /* |-------------------------------------------------------------------------- @@ -127,7 +127,7 @@ $config['index_page'] = 'index.php'; | | WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! */ -$config['uri_protocol'] = 'REQUEST_URI'; +$config['uri_protocol'] = "REQUEST_URI"; /* |-------------------------------------------------------------------------- @@ -139,7 +139,7 @@ $config['uri_protocol'] = 'REQUEST_URI'; | | https://codeigniter.com/user_guide/general/urls.html */ -$config['url_suffix'] = ''; +$config['url_suffix'] = ""; /* |-------------------------------------------------------------------------- @@ -151,7 +151,7 @@ $config['url_suffix'] = ''; | than english. | */ -$lang = 'english'; // this language will be used per default +$lang = "english"; // this language will be used per default if (isset($_COOKIE["language"])) { $tmp_value = $_COOKIE["language"]; @@ -218,7 +218,7 @@ $config['cl_multilanguage']=true; | See http://php.net/htmlspecialchars for a list of supported charsets. | */ -$config['charset'] = 'UTF-8'; +$config['charset'] = "UTF-8"; /* |-------------------------------------------------------------------------- 
@@ -243,7 +243,7 @@ $config['enable_hooks'] = FALSE; | https://codeigniter.com/user_guide/general/creating_libraries.html | */ -$config['subclass_prefix'] = 'MY_'; +$config['subclass_prefix'] = "MY_"; /* |-------------------------------------------------------------------------- @@ -258,7 +258,7 @@ $config['subclass_prefix'] = 'MY_'; | Or if you have your vendor/ directory located somewhere else, you | can opt to set a specific path as well: | -| $config['composer_autoload'] = '/path/to/vendor/autoload.php'; +| $config['composer_autoload'] = "/path/to/vendor/autoload.php"; | | For more information about Composer, please visit http://getcomposer.org/ | @@ -287,7 +287,7 @@ $config['composer_autoload'] = FALSE; | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ -$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; +$config['permitted_uri_chars'] = "a-z 0-9~%.:_\-"; /* |-------------------------------------------------------------------------- @@ -312,9 +312,9 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; | */ $config['enable_query_strings'] = FALSE; -$config['controller_trigger'] = 'c'; -$config['function_trigger'] = 'm'; -$config['directory_trigger'] = 'd'; +$config['controller_trigger'] = "c"; +$config['function_trigger'] = "m"; +$config['directory_trigger'] = "d"; /* |-------------------------------------------------------------------------- @@ -363,7 +363,7 @@ $config['log_threshold'] = 0; | application/logs/ directory. Use a full server path with trailing slash. | */ -$config['log_path'] = ''; +$config['log_path'] = ""; /* |-------------------------------------------------------------------------- @@ -390,7 +390,7 @@ $config['one_log'] = false; | Note: Leaving it blank will default to 'php'. | */ -$config['log_file_extension'] = ''; +$config['log_file_extension'] = ""; /* |-------------------------------------------------------------------------- 
@@ -413,7 +413,7 @@ $config['log_file_permissions'] = 0644; | codes to set your own date formatting | */ -$config['log_date_format'] = 'Y-m-d H:i:s'; +$config['log_date_format'] = "Y-m-d H:i:s"; /* |-------------------------------------------------------------------------- @@ -424,7 +424,7 @@ $config['log_date_format'] = 'Y-m-d H:i:s'; | application/views/errors/ directory. Use a full server path with trailing slash. | */ -$config['error_views_path'] = ''; +$config['error_views_path'] = ""; /* |-------------------------------------------------------------------------- @@ -435,7 +435,7 @@ $config['error_views_path'] = ''; | application/cache/ directory. Use a full server path with trailing slash. | */ -$config['cache_path'] = ''; +$config['cache_path'] = ""; /* |-------------------------------------------------------------------------- @@ -466,7 +466,7 @@ $config['cache_query_string'] = FALSE; | https://codeigniter.com/user_guide/libraries/encryption.html | */ -$config['encryption_key'] = 'flossie1234555541'; +$config['encryption_key'] = "flossie1234555541"; /* |-------------------------------------------------------------------------- @@ -519,10 +519,10 @@ $config['encryption_key'] = 'flossie1234555541'; | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | */ -$config['sess_driver'] = 'files'; -$config['sess_cookie_name'] = 'ci_wavelog'; +$config['sess_driver'] = "files"; +$config['sess_cookie_name'] = "ci_wavelog"; $config['sess_expiration'] = 0; -$config['sess_save_path'] = '/tmp'; +$config['sess_save_path'] = "/tmp"; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = FALSE; 
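Review bot: `$config['encryption_key']` in the `@@ -466` hunk still carries a fixed literal on the new side, so every installation that copies this sample unedited ends up with the same key. The same literal appears in the `@@ -466` hunk of install/config/config.php, which looks like the template the installer writes out; whether the installer replaces it is not visible in this diff. I would ship an empty value or a placeholder token that the installer fills with a key generated at install time from `random_bytes()`. A comment above the setting would help too, e.g. `// Must be unique per installation; never deploy the sample value.`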
@@ -542,9 +542,9 @@ $config['sess_regenerate_destroy'] = FALSE; | 'cookie_httponly') will also affect sessions. | */ -$config['cookie_prefix'] = ''; -$config['cookie_domain'] = ''; -$config['cookie_path'] = '/'; +$config['cookie_prefix'] = ""; +$config['cookie_domain'] = ""; +$config['cookie_path'] = "/"; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; @@ -591,8 +591,8 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; -$config['csrf_token_name'] = 'csrf_test_name'; -$config['csrf_cookie_name'] = 'csrf_cookie_name'; +$config['csrf_token_name'] = "csrf_test_name"; +$config['csrf_cookie_name'] = "csrf_cookie_name"; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = TRUE; $config['csrf_exclude_uris'] = array(); @@ -630,7 +630,7 @@ $config['compress_output'] = FALSE; | helper' page of the user guide for information regarding date handling. | */ -$config['time_reference'] = 'UTC'; +$config['time_reference'] = "UTC"; date_default_timezone_set($config['time_reference']); /* @@ -663,7 +663,7 @@ $config['rewrite_short_tags'] = FALSE; | Comma-separated: '10.0.1.200,192.168.5.0/24' | Array: array('10.0.1.200', '192.168.5.0/24') */ -$config['proxy_ips'] = ''; +$config['proxy_ips'] = ""; /* |-------------------------------------------------------------------------- diff --git a/application/config/database.sample.php b/application/config/database.sample.php index 29626bdab..e505fce77 100644 --- a/application/config/database.sample.php +++ b/application/config/database.sample.php 
@@ -70,26 +70,26 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | The $query_builder variables lets you determine whether or not to load | the query builder class. */ -$active_group = 'default'; +$active_group = "default"; $query_builder = TRUE; $db['default'] = array( // The following values will probably need to be changed. - 'dsn' => '', - 'hostname' => 'localhost', - 'username' => 'root', - 'password' => '', - 'database' => 'log', + 'dsn' => "", + 'hostname' => "localhost", + 'username' => "root", + 'password' => "", + 'database' => "log", // The following values can probably stay the same. - 'dbdriver' => 'mysqli', - 'dbprefix' => '', + 'dbdriver' => "mysqli", + 'dbprefix' => "", 'pconnect' => TRUE, 'db_debug' => (ENVIRONMENT !== 'production'), 'cache_on' => FALSE, - 'cachedir' => '', - 'char_set' => 'utf8mb4', - 'dbcollat' => 'utf8mb4_general_ci', - 'swap_pre' => '', + 'cachedir' => "", + 'char_set' => "utf8mb4", + 'dbcollat' => "utf8mb4_general_ci", + 'swap_pre' => "", 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, diff --git a/install/config/config.php b/install/config/config.php index 7afeda8c4..8399c16cb 100644 --- a/install/config/config.php +++ b/install/config/config.php @@ -98,7 +98,7 @@ $config['auth_level'][99] = "Administrator"; | a PHP script and you can easily do that on your own. | */ -$config['base_url'] = '%websiteurl%'; +$config['base_url'] = "%websiteurl%"; /* |-------------------------------------------------------------------------- @@ -110,7 +110,7 @@ $config['base_url'] = '%websiteurl%'; | variable so that it is blank. | */ -$config['index_page'] = 'index.php'; +$config['index_page'] = "index.php"; /* |-------------------------------------------------------------------------- 
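Review bot: Putting the installer placeholder inside a double-quoted literal changes how the substituted text is parsed. This applies to `"%websiteurl%"` in the `@@ -98` hunk of install/config/config.php, and to `"%HOSTNAME%"`, `"%USERNAME%"`, `"%PASSWORD%"` and `"%DATABASE%"` in install/config/database.php. PHP expands `$name` / `{$...}` and backslash escapes inside double quotes, so a value containing `$` or `\` is evaluated when the config file loads instead of being stored verbatim. The substitution code is not in this diff, so this assumes the tokens are replaced with raw installer input. Rather than picking a quote style and banning one character, leave the placeholder unquoted in the template and have the writer emit each value with `var_export($value, true)`, so any password round-trips unchanged.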
@@ -127,7 +127,7 @@ $config['index_page'] = 'index.php'; | | WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! */ -$config['uri_protocol'] = 'REQUEST_URI'; +$config['uri_protocol'] = "REQUEST_URI"; /* |-------------------------------------------------------------------------- @@ -139,7 +139,7 @@ $config['uri_protocol'] = 'REQUEST_URI'; | | https://codeigniter.com/user_guide/general/urls.html */ -$config['url_suffix'] = ''; +$config['url_suffix'] = ""; /* |-------------------------------------------------------------------------- @@ -151,7 +151,7 @@ $config['url_suffix'] = ''; | than english. | */ -$lang = 'english'; // this language will be used per default +$lang = "english"; // this language will be used per default if (isset($_COOKIE["language"])) { $tmp_value = $_COOKIE["language"]; @@ -218,7 +218,7 @@ $config['cl_multilanguage']=true; | See http://php.net/htmlspecialchars for a list of supported charsets. | */ -$config['charset'] = 'UTF-8'; +$config['charset'] = "UTF-8"; /* |-------------------------------------------------------------------------- @@ -243,7 +243,7 @@ $config['enable_hooks'] = FALSE; | https://codeigniter.com/user_guide/general/creating_libraries.html | */ -$config['subclass_prefix'] = 'MY_'; +$config['subclass_prefix'] = "MY_"; /* |-------------------------------------------------------------------------- @@ -258,7 +258,7 @@ $config['subclass_prefix'] = 'MY_'; | Or if you have your vendor/ directory located somewhere else, you | can opt to set a specific path as well: | -| $config['composer_autoload'] = '/path/to/vendor/autoload.php'; +| $config['composer_autoload'] = "/path/to/vendor/autoload.php"; | | For more information about Composer, please visit http://getcomposer.org/ | 
@@ -287,7 +287,7 @@ $config['composer_autoload'] = FALSE; | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ -$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; +$config['permitted_uri_chars'] = "a-z 0-9~%.:_\-"; /* |-------------------------------------------------------------------------- @@ -312,9 +312,9 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; | */ $config['enable_query_strings'] = FALSE; -$config['controller_trigger'] = 'c'; -$config['function_trigger'] = 'm'; -$config['directory_trigger'] = 'd'; +$config['controller_trigger'] = "c"; +$config['function_trigger'] = "m"; +$config['directory_trigger'] = "d"; /* |-------------------------------------------------------------------------- @@ -363,7 +363,7 @@ $config['log_threshold'] = 0; | application/logs/ directory. Use a full server path with trailing slash. | */ -$config['log_path'] = ''; +$config['log_path'] = ""; /* |-------------------------------------------------------------------------- @@ -390,7 +390,7 @@ $config['one_log'] = false; | Note: Leaving it blank will default to 'php'. | */ -$config['log_file_extension'] = ''; +$config['log_file_extension'] = ""; /* |-------------------------------------------------------------------------- @@ -413,7 +413,7 @@ $config['log_file_permissions'] = 0644; | codes to set your own date formatting | */ -$config['log_date_format'] = 'Y-m-d H:i:s'; +$config['log_date_format'] = "Y-m-d H:i:s"; /* |-------------------------------------------------------------------------- @@ -424,7 +424,7 @@ $config['log_date_format'] = 'Y-m-d H:i:s'; | application/views/errors/ directory. Use a full server path with trailing slash. | */ -$config['error_views_path'] = ''; +$config['error_views_path'] = ""; /* |-------------------------------------------------------------------------- 
@@ -435,7 +435,7 @@ $config['error_views_path'] = ''; | application/cache/ directory. Use a full server path with trailing slash. | */ -$config['cache_path'] = ''; +$config['cache_path'] = ""; /* |-------------------------------------------------------------------------- @@ -466,7 +466,7 @@ $config['cache_query_string'] = FALSE; | https://codeigniter.com/user_guide/libraries/encryption.html | */ -$config['encryption_key'] = 'flossie1234555541'; +$config['encryption_key'] = "flossie1234555541"; /* |-------------------------------------------------------------------------- @@ -519,10 +519,10 @@ $config['encryption_key'] = 'flossie1234555541'; | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | */ -$config['sess_driver'] = 'files'; -$config['sess_cookie_name'] = 'ci_wavelog'; +$config['sess_driver'] = "files"; +$config['sess_cookie_name'] = "ci_wavelog"; $config['sess_expiration'] = 0; -$config['sess_save_path'] = '/tmp'; +$config['sess_save_path'] = "/tmp"; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = FALSE; @@ -542,9 +542,9 @@ $config['sess_regenerate_destroy'] = FALSE; | 'cookie_httponly') will also affect sessions. | */ -$config['cookie_prefix'] = ''; -$config['cookie_domain'] = ''; -$config['cookie_path'] = '/'; +$config['cookie_prefix'] = ""; +$config['cookie_domain'] = ""; +$config['cookie_path'] = "/"; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; @@ -591,8 +591,8 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; -$config['csrf_token_name'] = 'csrf_test_name'; -$config['csrf_cookie_name'] = 'csrf_cookie_name'; +$config['csrf_token_name'] = "csrf_test_name"; +$config['csrf_cookie_name'] = "csrf_cookie_name"; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = TRUE; $config['csrf_exclude_uris'] = array(); 
@@ -630,7 +630,7 @@ $config['compress_output'] = FALSE; | helper' page of the user guide for information regarding date handling. | */ -$config['time_reference'] = 'UTC'; +$config['time_reference'] = "UTC"; date_default_timezone_set($config['time_reference']); /* @@ -663,7 +663,7 @@ $config['rewrite_short_tags'] = FALSE; | Comma-separated: '10.0.1.200,192.168.5.0/24' | Array: array('10.0.1.200', '192.168.5.0/24') */ -$config['proxy_ips'] = ''; +$config['proxy_ips'] = ""; /* |-------------------------------------------------------------------------- diff --git a/install/config/database.php b/install/config/database.php index 51fb34146..9f43e4cbb 100644 --- a/install/config/database.php +++ b/install/config/database.php @@ -70,26 +70,26 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | The $query_builder variables lets you determine whether or not to load | the query builder class. */ -$active_group = 'default'; +$active_group = "default"; $query_builder = TRUE; $db['default'] = array( // The following values will probably need to be changed. - 'dsn' => '', - 'hostname' => '%HOSTNAME%', - 'username' => '%USERNAME%', - 'password' => '%PASSWORD%', - 'database' => '%DATABASE%', + 'dsn' => "", + 'hostname' => "%HOSTNAME%", + 'username' => "%USERNAME%", + 'password' => "%PASSWORD%", + 'database' => "%DATABASE%", // The following values can probably stay the same. - 'dbdriver' => 'mysqli', - 'dbprefix' => '', + 'dbdriver' => "mysqli", + 'dbprefix' => "", 'pconnect' => TRUE, 'db_debug' => (ENVIRONMENT !== 'production'), 'cache_on' => FALSE, - 'cachedir' => '', - 'char_set' => 'utf8mb4', - 'dbcollat' => 'utf8mb4_general_ci', - 'swap_pre' => '', + 'cachedir' => "", + 'char_set' => "utf8mb4", + 'dbcollat' => "utf8mb4_general_ci", + 'swap_pre' => "", 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, diff --git a/install/index.php b/install/index.php index 0ae86c0f7..5874191b8 100644 --- a/install/index.php +++ b/install/index.php 
@@ -1108,6 +1108,12 @@ global $wavelog_url; return; } + if (db_hostname.includes('"') || db_username.includes('"') || db_password.includes('"') || db_name.includes('"')) { + $('#db_connection_testresult').addClass('alert-danger'); + $('#db_connection_testresult').html('Error: Input cannot contain double quotes (").'); + return; + } + var originalButtonText = $('#db_connection_test_button').html(); $('#db_connection_test_button').html(' Connecting...').prop('disabled', true);
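Review bot: The added double-quote check runs only in the browser, so a request sent directly to the installer endpoint never passes through it. The server-side code that writes database.php must validate or escape the same fields itself; that code is not part of this hunk. The check also covers `"` alone, while the values land in double-quoted PHP literals where `$` and `\` are significant as well. Blocking characters also rejects otherwise valid database passwords, so escaping at write time is preferable to refusing input. The enclosing function starts and ends outside the hunk.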