Fix inserting random code into serendipity_config_local.inc.php as Admin.

diff --git a/include/functions_installer.inc.php b/include/functions_installer.inc.php
index 7b32f88d07d4518b5855f457cc535ace5835d91b..01281ae30ed15236e1e8d7aa4d2ebc2432f97851 100644 (file)
--- a/include/functions_installer.inc.php
+++ b/include/functions_installer.inc.php
@@ -100,17 +100,17 @@ function serendipity_updateLocalConfig($dbName, $dbPrefix, $dbHost, $dbUser, $db
     fwrite($configfp, "\t*/\n\n");
 
     fwrite($configfp, "\t\$serendipity['versionInstalled']  = '{$serendipity['version']}';\n");
-    fwrite($configfp, "\t\$serendipity['dbName']            = '{$dbName}';\n");
-    fwrite($configfp, "\t\$serendipity['dbPrefix']          = '{$dbPrefix}';\n");
-    fwrite($configfp, "\t\$serendipity['dbHost']            = '{$dbHost}';\n");
-    fwrite($configfp, "\t\$serendipity['dbUser']            = '{$dbUser}';\n");
-    fwrite($configfp, "\t\$serendipity['dbPass']            = '{$dbPass}';\n");
-    fwrite($configfp, "\t\$serendipity['dbType']            = '{$dbType}';\n");
+    fwrite($configfp, "\t\$serendipity['dbName']            = '" . addslashes($dbName) . "';\n");
+    fwrite($configfp, "\t\$serendipity['dbPrefix']          = '" . addslashes($dbPrefix) . "';\n");
+    fwrite($configfp, "\t\$serendipity['dbHost']            = '" . addslashes($dbHost) . "';\n");
+    fwrite($configfp, "\t\$serendipity['dbUser']            = '" . addslashes($dbUser) . "';\n");
+    fwrite($configfp, "\t\$serendipity['dbPass']            = '" . addslashes($dbPass) . "';\n");
+    fwrite($configfp, "\t\$serendipity['dbType']            = '" . addslashes($dbType) . "';\n");
     fwrite($configfp, "\t\$serendipity['dbPersistent']      = ". (serendipity_db_bool($dbPersistent) ? 'true' : 'false') .";\n");
 
     if (is_array($privateVariables) && count($privateVariables) > 0) {
         foreach($privateVariables AS $p_idx => $p_val) {
-            fwrite($configfp, "\t\$serendipity['{$p_idx}']  = '{$p_val}';\n");
+            fwrite($configfp, "\t\$serendipity['{$p_idx}']  = '" . addslashes($p_val) . "';\n");
         }
     }
 
@@ -1098,7 +1098,7 @@ function serendipity_check_rewrite($default) {
         );
         return $default;
     } else {
-        fwrite($fp, 'ErrorDocument 404 ' . $serendipity_root . 'index.php');
+        fwrite($fp, 'ErrorDocument 404 ' . addslashes($serendipity_root) . 'index.php');
         fclose($fp);
 
         // Do a request on a nonexistant file to see, if our htaccess allows ErrorDocument

diff --git a/include/functions_rss.inc.php b/include/functions_rss.inc.php
index 12e597050663097e8c07122dcabcab56602b4a00..84ea52d235758645d13a086032277be684834110 100644 (file)
--- a/include/functions_rss.inc.php
+++ b/include/functions_rss.inc.php
@@ -83,7 +83,7 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
                     $cat['feed_category_name'] = serendipity_utf8_encode(htmlspecialchars($cat['category_name']));
                 }
             }
-            
+
             // Prepare variables
             // 1. UTF8 encoding + htmlspecialchars.
             $entry['feed_title']     = serendipity_utf8_encode(htmlspecialchars($entry['title']));
@@ -106,28 +106,28 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f
                 case 'opml1.0':
                     $entry_hook = 'frontend_display:opml-1.0:per_entry';
                     break;
-            
+
                 case '0.91':
                     $entry_hook = 'frontend_display:rss-0.91:per_entry';
                     break;
-            
+
                 case '1.0':
                     $entry_hook = 'frontend_display:rss-1.0:per_entry';
                     break;
-            
+
                 case '2.0':
                     $entry_hook = 'frontend_display:rss-2.0:per_entry';
                     break;
-            
+
                 case 'atom0.3':
                     $entry_hook = 'frontend_display:atom-0.3:per_entry';
                     break;
-            
+
                 case 'atom1.0':
                     $entry_hook = 'frontend_display:atom-1.0:per_entry';
                     break;
             }
-            
+
             serendipity_plugin_api::hook_event($entry_hook, $entry);
             $entry['per_entry_display_dat'] = $entry['display_dat'];
         }

diff --git a/rss.php b/rss.php
index 2bacf96d4f34baa8bc43e479bb1b48e522b777c8..8078300964c713c678735e1eec7a522e032246ae 100644 (file)
--- a/rss.php
+++ b/rss.php
@@ -111,7 +111,7 @@ $metadata = array(
     'language'          => $serendipity['lang'],
     'additional_fields' => array(),
     'link'              => $serendipity['baseURL'],
-    'email'             => $serendipity['email'],
+    'email'             => $serendipity['blogMail'],
     'fullFeed'          => false,
     'showMail'          => false,
     'version'           => $version