Security: Add filter for DB port in install scripts

ywarnier · ywarnier · commit dfae49f5dc39 · 2021-07-20T15:03:44.000+02:00
diff --git a/main/install/ajax.php b/main/install/ajax.php
@@ -46,7 +46,7 @@
     $dbName = null;
 }
 
-$dbPort = isset($_POST['db_port']) ? $_POST['db_port'] : 3306;
+$dbPort = isset($_POST['db_port']) ? (int) $_POST['db_port'] : 3306;
 
 $manager = connectToDatabase($dbHost, $dbUsername, $dbPass, $dbName, $dbPort);
 
diff --git a/main/install/index.php b/main/install/index.php
@@ -279,6 +279,7 @@
         $GLOBALS[$key] = $_POST[$key];
     }
 }
+$dbPortForm = (int) $dbPortForm;
 
 /* NEXT STEPS IMPLEMENTATION */
 

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@`
`46`	`46`	`$dbName = null;`
`47`	`47`	`}`
`48`	`48`
`49`		`-$dbPort = isset($_POST['db_port']) ? $_POST['db_port'] : 3306;`
	`49`	`+$dbPort = isset($_POST['db_port']) ? (int) $_POST['db_port'] : 3306;`
`50`	`50`
`51`	`51`	`$manager = connectToDatabase($dbHost, $dbUsername, $dbPass, $dbName, $dbPort);`
`52`	`52`