
Commit 55ae89c

fortify WordPressSetup (hestiacp#4570)
* fortify WordPressSetup * Run npm run format --------- Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
1 parent e6946b0 commit 55ae89c


1 file changed

+63
-69
lines changed


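--- a/web/src/app/WebApp/Installers/WordPress/WordPressSetup.php
+++ b/web/src/app/WebApp/Installers/WordPress/WordPressSetup.php
@@ -94,59 +94,55 @@ public function install(array $options = null) {
 switch ($constant) {
 case "DB_NAME":
 $result->raw[$line_num] =
-"define( '" .
-$constant .
-"'," .
-$padding .
-"'" .
-addcslashes(
+"define( " .
+var_export($constant, true) .
+"," .
+str_repeat(" ", strlen($padding)) .
+var_export(
 $this->appcontext->user() . "_" . $options["database_name"],
-"\\'",
+true,
 ) .
-"' );";
+" );";
 break;
 case "DB_USER":
 $result->raw[$line_num] =
-"define( '" .
-$constant .
-"'," .
-$padding .
-"'" .
-addcslashes(
+"define( " .
+var_export($constant, true) .
+"," .
+str_repeat(" ", strlen($padding)) .
+var_export(
 $this->appcontext->user() . "_" . $options["database_user"],
-"\\'",
+true,
 ) .
-"' );";
+" );";
 break;
 case "DB_PASSWORD":
 $result->raw[$line_num] =
-"define( '" .
-$constant .
-"'," .
-$padding .
-"'" .
-addcslashes($options["database_password"], "\\'") .
-"' );";
+"define( " .
+var_export($constant, true) .
+"," .
+str_repeat(" ", strlen($padding)) .
+var_export($options["database_password"], true) .
+" );";
 break;
 case "DB_HOST":
 $result->raw[$line_num] =
-"define( '" .
-$constant .
-"'," .
-$padding .
-"'" .
-addcslashes($options["database_host"], "\\'") .
-"' );";
+"define( " .
+var_export($constant, true) .
+"," .
+str_repeat(" ", strlen($padding)) .
+var_export($options["database_host"], true) .
+" );";
 break;
 case "DB_CHARSET":
 $result->raw[$line_num] =
-"define( '" .
-$constant .
-"'," .
-$padding .
-"'" .
-addcslashes("utf8mb4", "\\'") .
-"' );";
+"define( " .
+var_export($constant, true) .
+"," .
+str_repeat(" ", strlen($padding)) .
+var_export("utf8mb4", true) .
+" );";
+
 break;
 case "AUTH_KEY":
 case "SECURE_AUTH_KEY":
@@ -157,13 +153,12 @@ public function install(array $options = null) {
 case "LOGGED_IN_SALT":
 case "NONCE_SALT":
 $result->raw[$line_num] =
-"define( '" .
-$constant .
-"'," .
-$padding .
-"'" .
-Util::generate_string(64) .
-"' );";
+"define( " .
+var_export($constant, true) .
+"," .
+str_repeat(" ", strlen($padding)) .
+var_export(Util::generate_string(64), true) .
+" );";
 break;
 }
 }
@@ -234,32 +229,31 @@ public function install(array $options = null) {
 strlen($options["install_directory"]) - 1,
 );
 }
+$cmd = implode(" ", [
+"/usr/bin/curl",
+"--location",
+"--post301",
+"--insecure",
+"--resolve " .
+quoteshellarg(
+$this->domain . ":$webPort:" . $this->appcontext->getWebDomainIp($this->domain),
+),
+quoteshellarg(
+$webDomain . $options["install_directory"] . "/wp-admin/install.php?step=2",
+),
+"--data-binary " .
+quoteshellarg(
+http_build_query([
+"weblog_title" => $options["site_name"],
+"user_name" => $options["username"],
+"admin_password" => $options["password"],
+"admin_password2" => $options["password"],
+"admin_email" => $options["email"],
+]),
+),
+]);
 
-exec(
-"/usr/bin/curl --location --post301 --insecure --resolve " .
-$this->domain .
-":$webPort:" .
-$this->appcontext->getWebDomainIp($this->domain) .
-" " .
-quoteshellarg(
-$webDomain . $options["install_directory"] . "/wp-admin/install.php?step=2",
-) .
-" -d " .
-quoteshellarg(
-"weblog_title=" .
-rawurlencode($options["site_name"]) .
-"&user_name=" .
-rawurlencode($options["username"]) .
-"&admin_password=" .
-rawurlencode($options["password"]) .
-"&admin_password2=" .
-rawurlencode($options["password"]) .
-"&admin_email=" .
-rawurlencode($options["email"]),
-),
-$output,
-$return_var,
-);
+exec($cmd, $output, $return_var);
 
 if (
 strpos(implode(PHP_EOL, $output), "Error establishing a database connection") !== false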
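Review bot: In the third hunk the new `--data-binary` argument still places `$options["password"]` (twice) and `$options["email"]` on the curl command line, so for the lifetime of the request they are readable by any local account via `ps` or `/proc/<pid>/cmdline`; the commit fixes the quoting of that argument but not its exposure. The quoting change and `http_build_query` are sound; the remaining step is to pass the form body on stdin with `--data-binary @-` and run curl through `proc_open` instead of `exec`, keeping `$output` and `$return_var` in the shape the following `if` expects. Separately, `--insecure` is carried over unchanged, and since `--resolve` already pins the host to the domain's own IP it is worth confirming whether certificate verification really has to be disabled for this POST. The body of `install()` continues before and after this hunk, so the later handling of `$return_var` is not visible here.

```php
// … unchanged: $cmd built with implode(), with "--data-binary @-" in place of the quoted query …
$descriptors = [0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"]];
$proc = proc_open($cmd, $descriptors, $pipes);
fwrite(
	$pipes[0],
	http_build_query([
		"weblog_title" => $options["site_name"],
		"user_name" => $options["username"],
		"admin_password" => $options["password"],
		"admin_password2" => $options["password"],
		"admin_email" => $options["email"],
	]),
);
fclose($pipes[0]);
$output = explode(PHP_EOL, rtrim(stream_get_contents($pipes[1]), PHP_EOL));
fclose($pipes[1]);
fclose($pipes[2]);
$return_var = proc_close($proc);
// … unchanged: "Error establishing a database connection" check …
```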
