Bugfix: Ensure confidentiality of database password.

Reported by Michael Schiessl

Bugfix: Ensure confidentiality of database password.
ac12340b · Gary Allan · f84e6429 · ac12340b · ac12340b · ac12340b
Unverified Commit ac12340b authored Feb 4, 2023 by Gary Allan
--- a/app/install/install_manual.php
+++ b/app/install/install_manual.php
@@ -50,23 +50,24 @@ $filename	  = @$_GET['subnetId']=="migrate" ? "MIGRATE" : "SCHEMA";
 		<pre>
 <?php

-$esc_user = addcslashes($db['user'],"'");
-$esc_pass = addcslashes($db['pass'],"'");
-$webhost  = is_string($db['webhost']) && strlen($db['webhost']) ? addcslashes($db['webhost'],"'") : 'localhost';
+$esc_user = escape_input($db['user']);
+$esc_pass = escape_input(_("<YOUR SECRET PASSWORD FROM config.php>"));
+$esc_webhost = is_string($db['webhost']) && strlen($db['webhost']) ? escape_input($db['webhost']) : 'localhost';
+$db_name  = escape_input($db['name']);

 $file  = "# Create phpipam database\n";
 $file .= "# ------------------------------------------------------------\n";
-$file .= "CREATE DATABASE $db[name];\n\n";
+$file .= "CREATE DATABASE $db_name;\n\n";

 $file .= "# Set permissions for phpipam user\n";
 $file .= "# ------------------------------------------------------------\n";
-$file .= "CREATE USER '$esc_user'@'$webhost' IDENTIFIED BY '$esc_pass';\n";
-$file .= "GRANT ALL ON $db[name].* TO '$esc_user'@'$webhost';\n";
+$file .= "CREATE USER '$esc_user'@'$esc_webhost' IDENTIFIED BY '$esc_pass';\n";
+$file .= "GRANT ALL ON $db_name.* TO '$esc_user'@'$esc_webhost';\n";
 $file .= "FLUSH PRIVILEGES;\n\n";

 $file .= "# Select created database\n";
 $file .= "# ------------------------------------------------------------\n";
-$file .= "USE `$db[name]`;\n\n\n";
+$file .= "USE `$db_name`;\n\n\n";

 $file .= "# Create tables and import data\n";
 $file .= "# ------------------------------------------------------------\n\n\n\n";

--- a/app/install/install_mysqlimport.php
+++ b/app/install/install_mysqlimport.php
@@ -27,12 +27,12 @@ Enter password:</pre>
 				</li>

 				<li><?php print _("Create database"); ?>
-					<pre>CREATE DATABASE `<?php print $db['name']; ?>`;
+					<pre>CREATE DATABASE `<?php print escape_input($db['name']); ?>`;
 exit</pre>
 				</li>

 				<li><?php print _("Import SQL file"); ?>
-					<pre>mysql -u root -p <?php print $db['name']; ?> &lt; db/<?php print $filename;?>.sql</pre>
+					<pre>mysql -u root -p <?php print escape_input($db['name']); ?> &lt; db/<?php print $filename;?>.sql</pre>
 				</li>

 				<?php
@@ -50,13 +50,15 @@ exit</pre>

 				<li><?php print _("Set permissions for phpipam user"); ?>
 				<pre><?php
-					$esc_user = addcslashes($db['user'],"'");
-					$esc_pass = addcslashes($db['pass'],"'");
-					$db_name  = $db['name'];
-					$webhost  = is_string($db['webhost']) && strlen($db['webhost']) > 0 ? addcslashes($db['webhost'],"'") : 'localhost';
+					$esc_user = escape_input($db['user']);
+					$esc_pass = escape_input(_("<YOUR SECRET PASSWORD FROM config.php>"));
+					$esc_webhost = is_string($db['webhost']) && strlen($db['webhost']) ? escape_input($db['webhost']) : 'localhost';
+					$db_name  = escape_input($db['name']);

-					print "CREATE USER '$esc_user'@'$webhost' IDENTIFIED BY '$esc_pass'; <br>";
-					print "GRANT ALL ON `$db_name`.* TO '$esc_user'@'$webhost'; <br>";
+					print "# Set permissions for phpipam user <br>";
+					print "# ------------------------------------------------------------ <br>";
+					print "CREATE USER '$esc_user'@'$esc_webhost' IDENTIFIED BY '$esc_pass'; <br>";
+					print "GRANT ALL ON $db_name.* TO '$esc_user'@'$esc_webhost'; <br>";
 					print "FLUSH PRIVILEGES; <br>";
 				?></pre>
 				</li>

--- a/misc/CHANGELOG
+++ b/misc/CHANGELOG
@@ -10,6 +10,7 @@
    + XSS (reflected) by invalid email address response;
    + XSS and LDAP injection in ad-search-result.php;
    + Restrict find_full_subnets.php to CLI;
+    + Ensure confidentiality of database password;

 == 1.5.0