(cp 81f8d65a2) fixes GHSA-gphq-34pv-gvf3 sanity check for table prefix during install

2026-05-09 14:55:25 +02:00 · 2026-03-30 15:42:44 +02:00
parent d58ddc6b82
commit ed1e975b23
1 changed files with 9 additions and 0 deletions
@@ -266,6 +266,15 @@ if (isset($_POST['install']))

  pwg_db_check_charset();

+  if (
+    strlen($prefixeTable) > 20
+    or preg_match('/^\d/', $prefixeTable)
+    or !preg_match('/^[a-zA-Z0-9_$]*$/u', $prefixeTable)
+  )
+  {
+    $errors[] = 'invalid table prefix';
+  }
+
  $webmaster = trim(preg_replace('/\s{2,}/', ' ', $admin_name));
  if (empty($webmaster))
  {