security: Security Patch to deal with reported vulnerabilties (#7164)

* WIP: Security Patch * Update install.php Styling fix * Update install.php * Update dbFacile.php * Fix whitespace
2024-10-07 16:52:45 +00:00 · 2017-08-18 20:29:12 +00:00
parent 3ed5aca8b4
commit d3094fa657
2 changed files with 5 additions and 2 deletions
--- a/html/install.php
+++ b/html/install.php
@@ -2,7 +2,7 @@
 session_start();
 if (empty($_POST) && !empty($_SESSION) && !isset($_REQUEST['stage'])) {
    $_POST = $_SESSION;
-} else {
+} elseif (!file_exists("../config.php")) {
    $_SESSION = array_replace($_SESSION, $_POST);
 }

@@ -52,7 +52,9 @@ $add_email = @$_POST['add_email'] ?: '';
 // Check we can connect to MySQL DB, if not, back to stage 1 :)
 if ($stage > 1) {
    try {
-        dbConnect();
+        if ($stage != 6) {
+            dbConnect();
+        }
        if ($stage == 2 && $_SESSION['build-ok'] == true) {
            $stage = 3;
            $msg = "It appears that the database is already setup so have moved onto stage $stage";
--- a/includes/dbFacile.php
+++ b/includes/dbFacile.php
@@ -58,6 +58,7 @@ function dbConnect($host = null, $user = '', $password = '', $database = '', $po
    $socket = empty($socket) ? $config['db_socket'] : $socket;

    $database_link = mysqli_connect('p:' . $host, $user, $password, null, $port, $socket);
+    mysqli_options($database_link, MYSQLI_OPT_LOCAL_INFILE, false);
    if ($database_link === false) {
        $error = mysqli_connect_error();
        if ($error == 'No such file or directory') {