• Registered: 2005-12-07
  • Posts: 8

Topic: missing escaping in installer

Hey there,
just installed punBB 1.2.11 yesterday and used a SQL password containing a '
and so I got the line
$db_password = 'my cool'password';
which of course resulted in a blank page. took my quite some time to figure it out.

So the installer should check for any ' in the given fields and escape them before outputting the config.php sample - as you can easily overlook sth like this.

Cheers.

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: missing escaping in installer

Thanks, I'll fix it for the next release.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website