From 59fd33622f3db10ab2f33aec247056264e4ade26 Mon Sep 17 00:00:00 2001
From: chriskl <chriskl>
Date: Tue, 24 Dec 2002 05:45:37 +0000
Subject: [PATCH] fix adodb connection routine for when password, host,
 username, port or dbname contains quotes or spaces

---
 libraries/adodb/adodb-postgres.inc.php | 27 +++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/libraries/adodb/adodb-postgres.inc.php b/libraries/adodb/adodb-postgres.inc.php
index 91c1ce98..b981e46d 100755
--- a/libraries/adodb/adodb-postgres.inc.php
+++ b/libraries/adodb/adodb-postgres.inc.php
@@ -180,16 +180,15 @@ a different OID if a database must be reloaded. */
 		if ($user || $pwd || $db) {
            	if ($str)  {
 			 	$host = split(":", $str);
-				if ($host[0]) $str = "host=$host[0]";
+				if ($host[0]) $str = "host='" . addslashes($host[0]) . "'";
 				else $str = 'localhost';
-				if (isset($host[1])) $str .= " port=$host[1]";
+				if (isset($host[1])) $str .= " port='" . addslashes($host[1]) . "'";
 			}
-           		if ($user) $str .= " user='{$user}'";
-           		if ($pwd)  $str .= " password='{$pwd}'";
-			if ($db)   $str .= " dbname='{$db}'";
+           		if ($user) $str .= " user='" . addslashes($user) . "'";
+           		if ($pwd)  $str .= " password='" . addslashes($pwd) . "'";
+			if ($db)   $str .= " dbname='" . addslashes($db) . "'";
 		}
 		
-		//if ($user) $linea = "user=$user host=$linea password=$pwd dbname=$db port=5432";
 		$this->_connectionID = @pg_connect($str);
 
 		if ($this->_connectionID === false) return false;
@@ -205,17 +204,19 @@ a different OID if a database must be reloaded. */
 	function _pconnect($str,$user='',$pwd='',$db='')
 	{
 		if ($user || $pwd || $db) {
-           		if ($str)  {
+           	if ($str)  {
 			 	$host = split(":", $str);
-				if ($host[0]) $str = "host=$host[0]";
+				if ($host[0]) $str = "host='" . addslashes($host[0]) . "'";
 				else $str = 'localhost';
-				if (isset($host[1])) $str .= " port=$host[1]";
+				if (isset($host[1])) $str .= " port='" . addslashes($host[1]) . "'";
 			}
-           		if ($user) $str .= " user='{$user}'";
-           		if ($pwd)  $str .= " password='{$pwd}'";
-			if ($db)   $str .= " dbname='{$db}'";
-		}//print $str;
+           		if ($user) $str .= " user='" . addslashes($user) . "'";
+           		if ($pwd)  $str .= " password='" . addslashes($pwd) . "'";
+			if ($db)   $str .= " dbname='" . addslashes($db) . "'";
+		}
+
 		$this->_connectionID = @pg_pconnect($str);
+
 		if ($this->_connectionID === false) return false;
 		$this->Execute("set datestyle='ISO'");
 		return true;
-- 
2.39.5