fixes GHSA-gphq-34pv-gvf3 sanity check for table prefix during install

2026-04-30 18:42:43 +02:00 · 2026-03-30 15:41:54 +02:00
parent c9af737962
commit 81f8d65a25
1 changed files with 9 additions and 0 deletions
--- a/install.php
+++ b/install.php
@@ -266,6 +266,15 @@ if (isset($_POST['install']))

  pwg_db_check_charset();

+  if (
+    strlen($prefixeTable) > 20
+    or preg_match('/^\d/', $prefixeTable)
+    or !preg_match('/^[a-zA-Z0-9_$]*$/u', $prefixeTable)
+  )
+  {
+    $errors[] = 'invalid table prefix';
+  }
+
  $webmaster = trim(preg_replace('/\s{2,}/', ' ', $admin_name));
  if (empty($webmaster))
  {