Restore safe connection quoting

Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
copilot-swe-agent[bot]
2026-01-24 12:54:31 +00:00
parent 57a81bbed0
commit d2562a25df


@@ -5,10 +5,10 @@ namespace Kabano;
function sql_connect() { function sql_connect() {
global $config; global $config;
$connection = "host='".pg_escape_string((string)$config['SQL_host'])."'" $connection = "host=".sql_escape_connection_value($config['SQL_host'])
." dbname='".pg_escape_string((string)$config['SQL_db'])."'" ." dbname=".sql_escape_connection_value($config['SQL_db'])
." user='".pg_escape_string((string)$config['SQL_user'])."'" ." user=".sql_escape_connection_value($config['SQL_user'])
." password='".pg_escape_string((string)$config['SQL_pass'])."'"; ." password=".sql_escape_connection_value($config['SQL_pass']);
$con = pg_connect($connection); $con = pg_connect($connection);
if (!$con) { if (!$con) {
@@ -20,4 +20,11 @@ function sql_connect() {
return $con; return $con;
} }
function sql_escape_connection_value($value) {
$value = (string)$value;
$value = str_replace("\0", '', $value);
$value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value);
return "'".$value."'";
}
?> ?>
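Review bot: The escaping in `sql_escape_connection_value` is only correct because `str_replace` applies its pairs in order, backslash first; if the two array entries are ever swapped, the backslash inserted before a quote is doubled and a `'` in a config value would end the quoted value early. `strtr($value, ['\\' => '\\\\', "'" => "\\'"])` does the same in a single pass with no order dependence. The helper also deserves a short docblock saying it implements libpq connection-string quoting (backslash-escape `\` and `'` inside single quotes), not SQL literal escaping, so that nobody swaps `pg_escape_string` back in. NUL bytes are dropped silently on the line before; for the password it may be better to fail than to connect with an altered value.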