From 6d5437721efd6ce023f1296c78e84fe72bdd2518 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Tue, 19 May 2020 21:07:55 -0400 Subject: [PATCH] Remove HTML escaping in config file template, add quote escaping - Allows HTML special characters and quotes in DB password --- view/templates/local.config.tpl | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/view/templates/local.config.tpl b/view/templates/local.config.tpl index ad809c9d8..24b33b8cd 100644 --- a/view/templates/local.config.tpl +++ b/view/templates/local.config.tpl @@ -7,10 +7,10 @@ return [ 'database' => [ - 'hostname' => '{{$dbhost}}', - 'username' => '{{$dbuser}}', - 'password' => '{{$dbpass}}', - 'database' => '{{$dbdata}}', + 'hostname' => '{{$dbhost|escape:'quotes' nofilter}}', + 'username' => '{{$dbuser|escape:'quotes' nofilter}}', + 'password' => '{{$dbpass|escape:'quotes' nofilter}}', + 'database' => '{{$dbdata|escape:'quotes' nofilter}}', 'charset' => 'utf8mb4', ], 
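Review bot: `escape:'quotes'` on the four database values only adds a backslash before single quotes that are not already preceded by one, and it leaves backslashes themselves untouched. With `nofilter`, a value containing a backslash can therefore still end the PHP string literal early, or be stored differently from what was typed, in the generated config file. Because the installer writes this file as executable PHP, the values need an encoding that handles both `\` and `'`; one option is to encode them in the installer with `var_export($value, true)` and emit the result without surrounding quotes, e.g. `'password' => {{$dbpass nofilter}},`. The same applies to every quoted value in the second hunk (`php_path`, `admin_email`, `hostname`, `urlpath`, `url`, `basepath`, `default_timezone`, `language`). The installer code that assigns these variables is outside this patch, so any validation done there is not visible here.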
@@ -21,19 +21,19 @@ return [ // **************************************************************** 'config' => [ - 'php_path' => '{{$phpath}}', - 'admin_email' => '{{$adminmail}}', + 'php_path' => '{{$phpath|escape:'quotes' nofilter}}', + 'admin_email' => '{{$adminmail|escape:'quotes' nofilter}}', 'sitename' => 'Friendica Social Network', - 'hostname' => '{{$hostname}}', + 'hostname' => '{{$hostname|escape:'quotes' nofilter}}', 'register_policy' => \Friendica\Module\Register::OPEN, 'max_import_size' => 200000, ], 'system' => [ - 'urlpath' => '{{$urlpath}}', - 'url' => '{{$baseurl}}', - 'ssl_policy' => {{$sslpolicy}}, - 'basepath' => '{{$basepath}}', - 'default_timezone' => '{{$timezone}}', - 'language' => '{{$language}}', + 'urlpath' => '{{$urlpath|escape:'quotes' nofilter}}', + 'url' => '{{$baseurl|escape:'quotes' nofilter}}', + 'ssl_policy' => {{$sslpolicy|escape:'quotes' nofilter}}, + 'basepath' => '{{$basepath|escape:'quotes' nofilter}}', + 'default_timezone' => '{{$timezone|escape:'quotes' nofilter}}', + 'language' => '{{$language|escape:'quotes' nofilter}}', ], ];
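Review bot: `'ssl_policy' => {{$sslpolicy|escape:'quotes' nofilter}},` emits the value outside any quotes, so quote escaping gives no protection on that line and `nofilter` puts the value into the generated file as raw PHP. Whether the installer already constrains `$sslpolicy` to a known integer is not visible in this patch. If it does not, cast the value before it reaches the template, or in the template if PHP-function modifiers are enabled there, e.g. `'ssl_policy' => {{$sslpolicy|intval}},`. A short comment on that line saying the value must be an integer constant would also stop a later edit from treating it like the quoted string values around it.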