postgresql - add quotes around user names

fix https://github.com/nextcloud/server/issues/37114 Signed-off-by: Simon L <szaimen@e.mail.de>
3 years ago · 40edac18f5
1 changed files with 4 additions and 4 deletions
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@ -80,7 +80,7 @@ class PostgreSQL extends AbstractDatabase {
 					// Therefore we assume that the database is only used by one user/service which is Nextcloud
 					// Additional services should get installed in a separate database in order to stay secure
 					// Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
-					$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
+					$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"');
 					$connectionMainDatabase->close();
 				}
 			}
@ -122,7 +122,7 @@ class PostgreSQL extends AbstractDatabase {
 	private function createDatabase(Connection $connection) {
 		if (!$this->databaseExists($connection)) {
 			//The database does not exists... let's create it
-			$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER " . addslashes($this->dbUser));
+			$query = $connection->prepare("CREATE DATABASE " . addslashes($this->dbName) . " OWNER \"" . addslashes($this->dbUser) . '"');
 			try {
 				$query->execute();
 			} catch (DatabaseException $e) {
@ -172,10 +172,10 @@ class PostgreSQL extends AbstractDatabase {
 			}

 			// create the user
-			$query = $connection->prepare("CREATE USER " . addslashes($this->dbUser) . " CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
+			$query = $connection->prepare("CREATE USER \"" . addslashes($this->dbUser) . "\" CREATEDB PASSWORD '" . addslashes($this->dbPassword) . "'");
 			$query->execute();
 			if ($this->databaseExists($connection)) {
-				$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO '.addslashes($this->dbUser));
+				$query = $connection->prepare('GRANT CONNECT ON DATABASE ' . addslashes($this->dbName) . ' TO "' . addslashes($this->dbUser) . '"');
 				$query->execute();
 			}
 		} catch (DatabaseException $e) {