From aad59ea609cf0f20e2d33adef67cd9ff2800e4fb Mon Sep 17 00:00:00 2001
From: Robert Ricci <ricci@cs.utah.edu>
Date: Wed, 17 Dec 2003 19:51:36 +0000
Subject: [PATCH] Quote the user's full name and project description in case
 they put special characters in them.

---
 utils/firstuser.in | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/utils/firstuser.in b/utils/firstuser.in
index faa8af432b..206ff72045 100755
--- a/utils/firstuser.in
+++ b/utils/firstuser.in
@@ -73,6 +73,12 @@ if (!$username || !$project || !$password || !$userfull || !$projdesc) {
     die "Not all information given, exiting\n";
 }
 
+#
+# Quote special characters in user-supplied data
+#
+$userfull = DBQuoteSpecial($userfull);
+$projdesc = DBQuoteSpecial($projdesc);
+
 print "Creating user/project: Are you sure? (Y/N) ";
 if (<> !~ /Y/i) {
     die "Aborted\n";
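Review bot: `$userfull` and `$projdesc` are overwritten in place with their SQL-quoted form at the two added assignments, so any later use of them outside a query (a printed summary, a mail, a command line) would see the escaped text instead of what the user typed. Judging by the second hunk dropping the surrounding quotes, the helper presumably returns the value already wrapped in quotes. Quoting into separate variables keeps the raw values intact, e.g. `my $safe_userfull = DBQuoteSpecial($userfull);` and `my $safe_projdesc = DBQuoteSpecial($projdesc);`, with the two inserts using the `$safe_` names. The rest of the script lies outside this hunk, so whether such a later use exists cannot be confirmed from here.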
@@ -80,12 +86,12 @@ if (<> !~ /Y/i) {
 
 print "Creating user in database...\n";
 DBQueryFatal("insert into users set uid='$username', usr_created=now(), " .
-	"usr_name='$userfull', usr_pswd='$password', unix_uid=$uid, ".
+	"usr_name=$userfull, usr_pswd='$password', unix_uid=$uid, ".
 	"usr_modified=now(), admin=1, dbedit=1, status='active'");
 
 print "Creating project in database...\n";
 DBQueryFatal("insert into projects set pid='$project', created=now(), " .
-	"name='$projdesc', head_uid='$username', unix_gid=$gid, " .
+	"name=$projdesc, head_uid='$username', unix_gid=$gid, " .
 	"approved=1");
 
 print "Creating group in database...\n";
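Review bot: Both inserts still interpolate `$username`, `$password` and `$project` inside hand-written single quotes, and `$uid` and `$gid` with no quoting at all, so a quote or backslash in any of them reaches the SQL text unescaped. This commit covers only the full name and description. The remaining string fields need the same treatment, e.g. `$password = DBQuoteSpecial($password);` with `usr_pswd=$password` in the query, and the ids need a numeric check such as `die "Bad uid\n" unless $uid =~ /\A\d+\z/;`. Where these values come from is not visible in the hunk; if they are validated against a strict pattern earlier in the script, a comment next to the queries saying so would be enough. It is also worth confirming that `usr_pswd` receives a hashed value rather than the password as typed.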
-- 
GitLab