diff --git a/.hgignore b/.hgignore
index 2c278c240..b368cc91d 100644
--- a/.hgignore
+++ b/.hgignore
@@ -248,3 +248,5 @@ code/nel/tools/build_gamedata/processes/ai_wmap/ai_build_wmap.cfg
code/nel/tools/build_gamedata/processes/sheets/sheets_packer.cfg
code/nel/tools/build_gamedata/processes/rbank/build_rbank.cfg
code/nel/tools/build_gamedata/processes/zone/debug_zone_dependencies.cfg
+code/web/public_php/config.php
+code/web/public_php/is_installed
diff --git a/code/web/public_php/setup/index.php b/code/web/public_php/setup/index.php
index 57f8aad3e..a02d9e9e6 100644
--- a/code/web/public_php/setup/index.php
+++ b/code/web/public_php/setup/index.php
@@ -73,7 +73,7 @@ function update_database_structure($continue_r, $con, $file) {
} else {
if (mysqli_multi_query($con, $sql)) {
printalert("success", "Database structure updated using " . $file . "");
- while (mysqli_next_result($con)) {
+ while (mysqli_more_results($con) && mysqli_next_result($con)) {
// no-op
}
} else {
@@ -169,17 +169,17 @@ function update_database_structure($continue_r, $con, $file) {
$continue = false;
} else {
$cwd = getcwd();
- $config = str_replace("%privatePhpDirectory%", realpath($cwd . "/" . $_POST["privatePhpDirectory"]), $config);
- $config = str_replace("%publicPhpDirectory%", realpath($cwd), $config);
- $config = str_replace("%sqlHostname%", $_POST["sqlHostname"], $config);
- $config = str_replace("%sqlUsername%", $_POST["sqlUsername"], $config);
- $config = str_replace("%sqlPassword%", $_POST["sqlPassword"], $config);
- $config = str_replace("%nelDatabase%", $_POST["nelDatabase"], $config);
- $config = str_replace("%toolDatabase%", $_POST["toolDatabase"], $config);
- $config = str_replace("%amsDatabase%", $_POST["amsDatabase"], $config);
- $config = str_replace("%amsLibDatabase%", $_POST["amsLibDatabase"], $config);
- $config = str_replace("%amsAdminUsername%", $_POST["amsAdminUsername"], $config);
- $config = str_replace("%amsAdminPassword%", $_POST["amsAdminPassword"], $config);
+ $config = str_replace("%privatePhpDirectory%", addslashes(realpath($cwd . "/" . $_POST["privatePhpDirectory"])), $config);
+ $config = str_replace("%publicPhpDirectory%", addslashes(realpath($cwd)), $config);
+ $config = str_replace("%sqlHostname%", addslashes($_POST["sqlHostname"]), $config);
+ $config = str_replace("%sqlUsername%", addslashes($_POST["sqlUsername"]), $config);
+ $config = str_replace("%sqlPassword%", addslashes($_POST["sqlPassword"]), $config);
+ $config = str_replace("%nelDatabase%", addslashes($_POST["nelDatabase"]), $config);
+ $config = str_replace("%toolDatabase%", addslashes($_POST["toolDatabase"]), $config);
+ $config = str_replace("%amsDatabase%", addslashes($_POST["amsDatabase"]), $config);
+ $config = str_replace("%amsLibDatabase%", addslashes($_POST["amsLibDatabase"]), $config);
+ $config = str_replace("%amsAdminUsername%", addslashes($_POST["amsAdminUsername"]), $config);
+ $config = str_replace("%amsAdminPassword%", addslashes($_POST["amsAdminPassword"]), $config);
if (file_put_contents("config.php", $config)) {
printalert("success", "Generated config.php");
} else {