Security: Sanitize main database name in Virtual.php to prevent unsafe inputs

AngelFQC · AngelFQC · commit e343c764493b · 2025-04-15T15:11:11.000-05:00
diff --git a/plugin/vchamilo/lib/Virtual.php b/plugin/vchamilo/lib/Virtual.php
@@ -954,6 +954,8 @@ public static function addInstance(stdClass $data)
             $template = '';
         }
 
+        $data->main_database = Database::clearDatabaseName($data->main_database);
+
         $mainDatabase = api_get_configuration_value('main_database');
 
         if ($mainDatabase == $data->main_database) {
@@ -964,7 +966,7 @@ public static function addInstance(stdClass $data)
             return;
         }
 
-        $databaseName = Database::clearDatabaseName($data->main_database);
+        $databaseName = $data->main_database;
         $data->main_database = '';
         $connection = self::getConnectionFromInstance($data);
         $data->main_database = $databaseName;

Original file line number	Diff line number	Diff line change
`@@ -954,6 +954,8 @@ public static function addInstance(stdClass $data)`
`954`	`954`	`$template = '';`
`955`	`955`	`}`
`956`	`956`
	`957`	`+ $data->main_database = Database::clearDatabaseName($data->main_database);`
	`958`	`+`
`957`	`959`	`$mainDatabase = api_get_configuration_value('main_database');`
`958`	`960`
`959`	`961`	`if ($mainDatabase == $data->main_database) {`
`@@ -964,7 +966,7 @@ public static function addInstance(stdClass $data)`
`964`	`966`	`return;`
`965`	`967`	`}`
`966`	`968`
`967`		`- $databaseName = Database::clearDatabaseName($data->main_database);`
	`969`	`+ $databaseName = $data->main_database;`
`968`	`970`	`$data->main_database = '';`
`969`	`971`	`$connection = self::getConnectionFromInstance($data);`
`970`	`972`	`$data->main_database = $databaseName;`