Found Bug: Dollar signs are not escaped in database password

paulsop

Joined: 2009-04-19
Posts: 1
Posted: Sun, 2009-04-19 02:03

Applies to alpha-3

My database password had a $ in it, and while the tables created, I couldn't run the app (a runtime error).

It appears that the system tries to do a variable lookup for what follows the $ in the database password I've set.

To make it work for now I had to escape the $ with a \ in the var/database.php

If this kind of substitution occurs elsewhere, it's going to be a security vulnerability for sure.

Regards,

Paul Sop

 
bharat

Joined: 2002-05-21
Posts: 7994
Posted: Fri, 2009-04-24 00:00

Ha, that's an interesting bug. I filed ticket #229 for it and fixed it in r20621. The fix will go out with the next release. This is a very unusual case in that the installer is creating a PHP file for execution. We don't do that elsewhere in the app.
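The interpolation problem described in this thread, reproduced as an added example (not Gallery's own installer code): a generator that writes the password into a double-quoted PHP literal beside one that uses `var_export()`, and a loader that includes the generated file the way the app would. The password value is constructed; the helper names are made up for this example.

```php
<?php
// Added example, not from the Gallery installer. Shows why a "$" in a value
// written into a generated PHP file breaks when the literal is double-quoted,
// and a generation method that is safe for any password.

// Constructed sample password: "$word" and "$ECRET" look like PHP variables.
$password = 'pa$word$ECRET';

// Naive generator: drops the value into a double-quoted string literal.
// The generated file then contains  "pa$word$ECRET"  and PHP interpolates
// $word and $ECRET when the file is loaded (undefined-variable warnings,
// and the wrong password reaches the database layer).
function naive_config($password) {
    return "<?php\n\$config = array('password' => \"$password\");\n";
}

// Safe generator: var_export() emits a single-quoted literal with backslash
// and quote escaped, and single-quoted strings are never interpolated.
function safe_config($password) {
    return "<?php\n\$config = array('password' => "
         . var_export($password, true) . ");\n";
}

// Write the generated source to a temp file and include it, as the app would.
function load_password($source) {
    $file = tempnam(sys_get_temp_dir(), 'cfg');
    file_put_contents($file, $source);
    $config = null;
    include $file;          // executes the generated config file
    unlink($file);
    return $config['password'];
}

$naive = load_password(naive_config($password));
$safe  = load_password(safe_config($password));

// The naive path does not round-trip; the var_export() path does.
echo "naive round-trip: ", ($naive === $password ? "OK" : "FAILED"), "\n";
echo "safe round-trip:  ", ($safe === $password ? "OK" : "FAILED"), "\n";
```

The same check applies to any other characters PHP treats specially inside double quotes (`\`, `{$`), which is why serializing with `var_export()` is preferable to escaping `$` by hand.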