}
/**
- * function to check valid db name containing only characters in [0-9,a-z,A-Z_]
+ * ensure database name is 'safe', i.e. only contains word characters (includes underscores)
+ * and dashes, and contains at least one [a-z] case insenstive.
*
* @param $database
*
* @return bool
*/
- public static function requireValidDBName($database) {
+ public static function requireSafeDBName($database) {
$matches = array();
preg_match(
- "/^[0-9]*[a-zA-Z_]+[a-zA-Z0-9_]*$/",
+ "/^[\w\-]*[a-z]+[\w\-]*$/i",
$database,
$matches
);
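Review bot: The new pattern on the `preg_match` call still ends in `$` with no `D` modifier, so PCRE also matches a name followed by one trailing newline (`"testdb\n"` passes) even though the function now promises a "safe" name; anchoring with `\z`, as in `"/^[\w\-]*[a-z]+[\w\-]*\z/i"`, closes that. Allowing `-` also means an accepted name is no longer usable as a bare SQL identifier, so any caller that places it in a statement must backtick-quote it; those callers are outside this hunk and should be checked. The docblock should state that quoting requirement, and "insenstive" should read "insensitive". The function body continues past the hunk, so whether it really returns a bool as `@return bool` says cannot be confirmed from here.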
$testDetails = array(
ts("MySQL %1 Configuration", array(1 => $dbName)),
ts("Is the provided database name valid?"),
- ts("The database name provided is not valid. Please use only 0-9, a-z, A-Z and _ as characters in the name."),
+ ts("The database name provided is not valid. Please use only 0-9, a-z, A-Z, _ and - as characters in the name."),
);
- if (!CRM_Core_DAO::requireValidDBName($databaseConfig['database'])) {
+ if (!CRM_Core_DAO::requireSafeDBName($databaseConfig['database'])) {
$this->error($testDetails);
return FALSE;
}
}
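Review bot: The failure text lists only the permitted characters, but the pattern behind `requireSafeDBName` also requires at least one letter, so a digits-only or dashes-only name is rejected with a message that does not say why; consider ending the `ts()` string with `The name must contain at least one letter.`. Separately, the title line interpolates `$dbName` while the check reads `$databaseConfig['database']`. `$dbName` is not assigned in the visible lines, so confirm it is set earlier in the enclosing method, which starts outside this hunk.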
/**
- * requireValidDBName() method (to check valid database name)
+ * requireSafeDBName() method (to check valid database name)
*/
- public function testRequireValidDBName() {
+ public function testRequireSafeDBName() {
$databases = array(
'testdb' => TRUE,
'test_db' => TRUE,
'123testdb' => TRUE,
'test12db34' => TRUE,
'test_12_db34' => TRUE,
- 'test-db' => FALSE,
+ 'test-db' => TRUE,
'test;db' => FALSE,
'test*&db' => FALSE,
'testdb;Delete test' => FALSE,
);
$testDetails = array();
foreach ($databases as $database => $val) {
- $this->assertEquals(CRM_Core_DAO::requireValidDBName($database), $val);
+ $this->assertEquals(CRM_Core_DAO::requireSafeDBName($database), $val);
}
}
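Review bot: The data set in `testRequireSafeDBName` misses the inputs the relaxed pattern is most likely to get wrong; add `"testdb\n" => FALSE`, `'' => FALSE` and `'---' => FALSE`, the first of which fails against a `$`-anchored pattern and so pins the end anchor. A digits-only name is worth covering too, but PHP casts such an array key to int, so it needs its own assertion outside the loop. The assertion passes actual before expected and does not name the failing input; `$this->assertEquals($val, CRM_Core_DAO::requireSafeDBName($database), $database);` fixes both. `$testDetails = array();` is never read in the visible lines and can be dropped.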