Tiny Tiny RSS: Community

Escape special characters in config.php

Hello,

When installing TT-RSS via the URL install/ it’s throw an error 500 with a blank page. It’s because my DB password contain a single quote '. So I have to change my password or edit the config.php file manually to escape it.

To reproduce the problem, on a fresh install, go to /install an fill a password containing a single quote '. I use mysql, I guess this will happen with other DB too.

So my suggestion is that TTRSS should escape special characters automatically, so the auto installation will process normally.

Thanks!

TT-RSS doesn’t get to decide which characters in the PHP language have special meaning. You’re getting a 500 error code because PHP is throwing a parse error when loading the files. If you want a quote in your database password (or any string) you escape the quote characters with a backslash. That’s standard for PHP and not something any application written in this language can change.

That’s standard for PHP and not something any application written in this language can change.

Uhm I don’t get your point. Escaping string is a part of PHP. I get this error because TT-RSS does not escape characters for the config values. There is PHP function called addslashes() that can be used. I’m not a PHP dev but I know that there is multiple solutions to make the auto-installation work without touching files, like it’s suposed to do.

Best regards

I see. You were not explicit that this error occurred with the auto installation process when you select to have TT-RSS create the config.php file you. In the future, please provide all steps as the installation can be done differently.

I see what you’re saying now while looking through the code. In fact, there are a few characters that need to be escaped beyond just the single quote. It doesn’t look like make_config() handles PHP special characters when it generates the config file.

This can be patched pretty quickly, but in the mean time you can get running by manually editing config.php and at the top manually updating your database information with the appropriate backslashes.

e: Thanks for reporting. Be sure to use the bug report template for future issues.

e2: I have a PR just about ready that I’ll push later today.

e3: Done. https://git.tt-rss.org/fox/tt-rss/pulls/136

yep this looks like it was an oversight on my part, i guess in all the years installer existed nobody noticed.

thanks to @JustAMacUser for the PR, i’ve merged the fix in trunk.