Merge branch 'bugfix/install-config-escape' into 'develop'

Added escaping for install in config.tpl In the installation process, string like the one below should be a valid application name (or DB password). > Framadate c'est vraiment super ! "Datez" comme vous voulez \o/ It missed some escaping for single quote (') and backslash (\\), resulting in PHP parse errors. It should be cherry-picked to the `release` branch too. See merge request !136

Merge branch 'bugfix/install-config-escape' into 'develop'
Added escaping for install in config.tpl In the installation process, string like the one below should be a valid application name (or DB password). > Framadate c'est vraiment super ! "Datez" comme vous voulez \o/ It missed some escaping for single quote (') and backslash (\\), resulting in PHP parse errors. It should be cherry-picked to the `release` branch too. See merge request !136
0cf52c84 · Olivier Perez · b3ecf126 · 0cf52c84 · 0cf52c84
Commit 0cf52c84 authored 8 years ago by Olivier Perez
--- a/app/inc/smarty.php
+++ b/app/inc/smarty.php
@@ -64,6 +64,9 @@ function smarty_modifier_markdown($md, $clear = false) {
 function smarty_modifier_resource($link) {
    return Utils::get_server_name() . $link;
 }
+function smarty_modifier_addslashes_single_quote($string) {
+    return addcslashes($string, '\\\'');
+}

 function smarty_modifier_html($html) {
    return Utils::htmlEscape($html);

--- a/tpl/admin/config.tpl
+++ b/tpl/admin/config.tpl
@@ -23,7 +23,7 @@
 // const APP_URL = '<www.mydomain.fr>';

 // Application name
-const NOMAPPLICATION = '{$appName}';
+const NOMAPPLICATION = '{$appName|addslashes_single_quote}';

 // Database administrator email
 const ADRESSEMAILADMIN = '{$appMail}';
@@ -38,7 +38,7 @@ const DB_CONNECTION_STRING = '{$dbConnectionString}';
 const DB_USER= '{$dbUser}';

 // Database password
-const DB_PASSWORD = '{$dbPassword}';
+const DB_PASSWORD = '{$dbPassword|addslashes_single_quote}';

 // Table name prefix
 const TABLENAME_PREFIX = '{$dbPrefix}';