Skip to content

Commit e36b725

Browse files
divinity76jaapmarcus
divinity76
and
jaapmarcus
authored
fortify FlarumSetup (hestiacp#4567)
* fortify FlarumSetup * Run npm format --------- Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
1 parent 0d9abe5 commit e36b725

File tree

1 file changed

+27
-30
lines changed

1 file changed

+27
-30
lines changed

web/src/app/WebApp/Installers/Flarum/FlarumSetup.php

Lines changed: 27 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33

44
use Hestia\System\Util;
55
use Hestia\WebApp\Installers\BaseSetup as BaseSetup;
6+
use function Hestiacp\quoteshellarg\quoteshellarg;
67

78
class FlarumSetup extends BaseSetup {
89
protected $appInfo = [
@@ -173,36 +174,32 @@ public function install(array $options = null): bool {
173174
$subfolder = "/" . $subfolder;
174175
}
175176

176-
$cmd =
177-
"/usr/bin/curl --location --post301 --insecure --resolve " .
178-
$this->domain .
179-
":$webPort:" .
180-
$this->appcontext->getWebDomainIp($this->domain) .
181-
" " .
182-
escapeshellarg($webDomain . $subfolder . "/index.php") .
183-
" -d " .
184-
escapeshellarg(
185-
"forumTitle=" .
186-
rawurlencode($options["forum_title"]) .
187-
"&mysqlHost=" .
188-
rawurlencode($mysql_host) .
189-
"&mysqlDatabase=" .
190-
rawurlencode($mysql_database) .
191-
"&mysqlUsername=" .
192-
rawurlencode($mysql_username) .
193-
"&mysqlPassword=" .
194-
rawurlencode($mysql_password) .
195-
"&tablePrefix=" .
196-
rawurlencode($table_prefix) .
197-
"&adminUsername=" .
198-
rawurlencode($options["admin_username"]) .
199-
"&adminEmail=" .
200-
rawurlencode($options["admin_email"]) .
201-
"&adminPassword=" .
202-
rawurlencode($options["admin_password"]) .
203-
"&adminPasswordConfirmation=" .
204-
rawurlencode($options["admin_password"]),
205-
);
177+
$cmd = implode(" ", [
178+
"/usr/bin/curl",
179+
"--location",
180+
"--post301",
181+
"--insecure",
182+
"--resolve " .
183+
quoteshellarg(
184+
$this->domain . ":$webPort:" . $this->appcontext->getWebDomainIp($this->domain),
185+
),
186+
quoteshellarg($webDomain . $subfolder . "/index.php"),
187+
"--data-binary " .
188+
quoteshellarg(
189+
http_build_query([
190+
"forumTitle" => $options["forum_title"],
191+
"mysqlHost" => $mysql_host,
192+
"mysqlDatabase" => $mysql_database,
193+
"mysqlUsername" => $mysql_username,
194+
"mysqlPassword" => $mysql_password,
195+
"tablePrefix" => $table_prefix,
196+
"adminUsername" => $options["admin_username"],
197+
"adminEmail" => $options["admin_email"],
198+
"adminPassword" => $options["admin_password"],
199+
"adminPasswordConfirmation" => $options["admin_password"],
200+
]),
201+
),
202+
]);
206203
exec($cmd, $output, $return_var);
207204

208205
// Report any errors

0 commit comments

Comments
 (0)