Fixes #4994 validating db table prefix

diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 775bbf5b63f5976022b1a5a38b668390392870d2..93716f7cd957f32add4ee273aefdb2d7a88a63b1 100644 (file)
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1148,11 +1148,21 @@ class ElggInstaller {
                foreach ($formVars as $field => $info) {
                        if ($info['required'] == TRUE && !$submissionVars[$field]) {
                                $name = elgg_echo("install:database:label:$field");
-                               register_error("$name is required");
+                               register_error(elgg_echo('install:error:requiredfield', array($name)));
                                return FALSE;
                        }
                }
 
+               // according to postgres documentation: SQL identifiers and key words must
+               // begin with a letter (a-z, but also letters with diacritical marks and
+               // non-Latin letters) or an underscore (_). Subsequent characters in an
+               // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+               // Refs #4994
+               if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+                       register_error(elgg_echo('install:error:database_prefix'));
+                       return FALSE;
+               }
+
                return $this->checkDatabaseSettings(
                                        $submissionVars['dbuser'],
                                        $submissionVars['dbpassword'],

diff --git a/install/languages/en.php b/install/languages/en.php
index b2583fbc99961bb9822640ada6ac6d81a85adbec..531379b1ece0da2867b35068f982a3611212464a 100644 (file)
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -124,6 +124,7 @@ If you are ready to proceed, click the Next button.",
        'install:error:htaccess' => 'Unable to create an .htaccess',
        'install:error:settings' => 'Unable to create the settings file',
        'install:error:databasesettings' => 'Unable to connect to the database with these settings.',
+       'install:error:database_prefix' => 'Invalid characters in database prefix',
        'install:error:oldmysql' => 'MySQL must be version 5.0 or above. Your server is using %s.',
        'install:error:nodatabase' => 'Unable to use database %s. It may not exist.',
        'install:error:cannotloadtables' => 'Cannot load the database tables',
@@ -131,7 +132,7 @@ If you are ready to proceed, click the Next button.",
        'install:error:readsettingsphp' => 'Unable to read engine/settings.example.php',
        'install:error:writesettingphp' => 'Unable to write engine/settings.php',
        'install:error:requiredfield' => '%s is required',
-       'install:error:relative_path' => 'We don\'t think "%s" is an absoluate path for your data directory',
+       'install:error:relative_path' => 'We don\'t think "%s" is an absolute path for your data directory',
        'install:error:datadirectoryexists' => 'Your data directory %s does not exist.',
        'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
        'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',