Skip to content

Commit

Permalink
postgresql - add quotes around user names
Browse files Browse the repository at this point in the history
fix #37114

Signed-off-by: Simon L <[email protected]>
  • Loading branch information
szaimen authored and backportbot-nextcloud[bot] committed Mar 10, 2023
1 parent 51c7688 commit df8b19a
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions lib/private/Setup/PostgreSQL.php
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ public function setupDatabase($username) {
// Therefore we assume that the database is only used by one user/service which is Nextcloud
// Additional services should get installed in a separate database in order to stay secure
// Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"');
$connectionMainDatabase->close();
}
}
Expand Down Expand Up @@ -122,7 +122,7 @@ public function setupDatabase($username) {
private function createDatabase(Connection $connection) {
if (!$this->databaseExists($connection)) {
//The database does not exists... let's create it
$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER " . addslashes($this->dbUser));
$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER \"" . addslashes($this->dbUser) . '"');
try {
$query->execute();
} catch (DatabaseException $e) {
Expand Down Expand Up @@ -172,10 +172,10 @@ private function createDBUser(Connection $connection) {
}

// create the user
$query = $connection->prepare("CREATE USER " . addslashes($this->dbUser) . " CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
$query = $connection->prepare("CREATE USER \"" . addslashes($this->dbUser) . "\" CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
$query->execute();
if ($this->databaseExists($connection)) {
$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO '.addslashes($this->dbUser));
$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO "' . addslashes($this->dbUser) . '"');
$query->execute();
}
} catch (DatabaseException $e) {
Expand Down

0 comments on commit df8b19a

Please sign in to comment.