View Issue Details

ID: 0017012
Project: mantisbt
Category: installation
View Status: public
Last Update: 2014-12-29 19:22
Reporter: olimonf
Assigned To: dregad
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Apache with PHP Module
OS: Windows
OS Version: 7
Product Version: 1.2.16
Target Version: 1.3.0-beta.1
Fixed in Version: 1.3.0-beta.1
Summary: 0017012: Quotes not escaped on install
Description

Quotes aren't escaped in Mantis installation. For example, if my MySQL server password is 'myPass123' [with the quotes], the config_inc.php file will be saved as: "$g_db_password = ''myPass123'';" causing a crash with a fatal error in Mantis (Parse error: syntax error, unexpected 'myPass123' (T_STRING)).

This can happen with any vars and it's probably vulnerable to SQL injection.

Steps To Reproduce

Extract a new / not installed Mantis file in your webDir
Go to install
Create a temporary user in your database with password 'toor' [with quotes]
Install Mantis with the credentials of this temp user
Mantis will not load.

Tags: No tags attached.

Relationships

related to 0012908 (closed, dregad): PHP remote code execution in install.php

Activities

dregad

2014-02-26 09:42

developer   ~0039553

Strings are now escaped with addslashes() where applicable.

"this can happen with any vars and probably it's vulnerable to SQL Injection"

I don't think this could lead to injection attacks, as these variables are not used in SQL queries. If you do find such a vulnerability, kindly open a private issue on this tracker with steps to reproduce it.

Related Changesets

MantisBT: master aa962973

2014-02-26 02:28

dregad


Install: escape strings in generated config_inc.php

Fixes 0017012
Affected Issues
0017012
mod - admin/install.php

MantisBT: master 38325e28

2014-12-29 14:12

dregad


Install: escape strings inserted in config_inc.php

This ensures it is not possible to inject arbitrary PHP code into the
generated config file.

Fixes 0012908, 0017012
Affected Issues
0012908, 0017012
mod - admin/install.php
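
The failure and the fix discussed in this issue, as an added PHP example (not MantisBT's installer code; the function names, the var_export() alternative and the sample passwords are assumptions constructed here). It assumes the value is written into a single-quoted PHP literal, as in the reporter's output, and uses eval() as a stand-in for loading the generated config_inc.php.

```php
<?php
// Added example, not MantisBT code. Requires PHP 7+ (ParseError is catchable).

// Before the fix: the value is pasted between single quotes unchanged.
function config_line_raw(string $name, string $value): string {
    return "\$g_$name = '$value';";
}

// The fix named in the issue: addslashes() before quoting.
function config_line_addslashes(string $name, string $value): string {
    return "\$g_$name = '" . addslashes($value) . "';";
}

// Alternative (assumption, not from the issue): var_export() emits a
// complete PHP string literal, quotes included.
function config_line_var_export(string $name, string $value): string {
    return "\$g_$name = " . var_export($value, true) . ';';
}

// Stand-in for loading the generated config_inc.php: evaluate one generated
// line in this function's scope; return the variable or the parse error.
function load_line(string $line, string $name): string {
    try {
        eval($line);
        $var = "g_$name";
        return $$var;
    } catch (ParseError $e) {
        return 'Parse error: ' . $e->getMessage();
    }
}

// Constructed sample passwords: quoted, with a double quote, with a backslash.
$samples = ["'myPass123'", 'pa"ss', 'back\\slash'];
$generators = ['config_line_raw', 'config_line_addslashes', 'config_line_var_export'];

foreach ($samples as $password) {
    foreach ($generators as $generate) {
        $line = $generate('db_password', $password);
        $loaded = load_line($line, 'db_password');
        $verdict = $loaded === $password ? 'round-trips' : 'DIFFERS';
        printf("%-24s %-38s => %s [%s]\n", $generate, $line, $loaded, $verdict);
    }
}
```

With addslashes() the quoted password loads, but the sample containing a double quote comes back with an extra backslash, because \" is not an escape sequence inside a single-quoted PHP string. The var_export() variant round-trips all three samples.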