From 8b76fadf6d096eeb925328e2df058c417bd4633d Mon Sep 17 00:00:00 2001
From: Tobias Reich <tobias.reich.ich@gmail.com>
Date: Fri, 29 Aug 2014 20:10:50 +0200
Subject: [PATCH] Escape data before writing to config.php (#38)

---
 php/modules/Database.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/php/modules/Database.php b/php/modules/Database.php
index 41820ee..77ff6c9 100755
--- a/php/modules/Database.php
+++ b/php/modules/Database.php
@@ -86,6 +86,13 @@ class Database extends Module {
 
 		}
 
+		# Escape data
+		$host		= mysqli_real_escape_string($database, $host);
+		$user		= mysqli_real_escape_string($database, $user);
+		$password	= mysqli_real_escape_string($database, $password);
+		$name		= mysqli_real_escape_string($database, $name);
+		$prefix		= mysqli_real_escape_string($database, $prefix);
+
 		# Save config.php
 $config = "<?php