Merge pull request #1557 from mtmail/document-boundingbox

[nominatim.git] / lib / cmd.php

diff --git a/lib/cmd.php b/lib/cmd.php
index 101868109c8f2cd9cca82810583e6a9962799820..77878c153c73f90440fcbf532413c68ca13dab40 100644 (file)
--- a/lib/cmd.php
+++ b/lib/cmd.php
@@ -120,15 +120,6 @@ function showUsage($aSpec, $bExit = false, $sError = false)
     exit;
 }
 
-function chksql($oSql, $sMsg = false)
-{
-    if (PEAR::isError($oSql)) {
-        fail($sMsg || $oSql->getMessage(), $oSql->userinfo);
-    }
-
-    return $oSql;
-}
-
 function info($sMsg)
 {
     echo date('Y-m-d H:i:s == ').$sMsg."\n";
@@ -155,14 +146,16 @@ function repeatWarnings()
 function runSQLScript($sScript, $bfatal = true, $bVerbose = false, $bIgnoreErrors = false)
 {
     // Convert database DSN to psql parameters
-    $aDSNInfo = DB::parseDSN(CONST_Database_DSN);
+    $aDSNInfo = \Nominatim\DB::parseDSN(CONST_Database_DSN);
     if (!isset($aDSNInfo['port']) || !$aDSNInfo['port']) $aDSNInfo['port'] = 5432;
-    $sCMD = 'psql -p '.$aDSNInfo['port'].' -d '.$aDSNInfo['database'];
+    $sCMD = 'psql'
+        .' -p '.escapeshellarg($aDSNInfo['port'])
+        .' -d '.escapeshellarg($aDSNInfo['database']);
     if (isset($aDSNInfo['hostspec']) && $aDSNInfo['hostspec']) {
-        $sCMD .= ' -h ' . $aDSNInfo['hostspec'];
+        $sCMD .= ' -h ' . escapeshellarg($aDSNInfo['hostspec']);
     }
     if (isset($aDSNInfo['username']) && $aDSNInfo['username']) {
-        $sCMD .= ' -U ' . $aDSNInfo['username'];
+        $sCMD .= ' -U ' . escapeshellarg($aDSNInfo['username']);
     }
     $aProcEnv = null;
     if (isset($aDSNInfo['password']) && $aDSNInfo['password']) {
@@ -186,7 +179,7 @@ function runSQLScript($sScript, $bfatal = true, $bVerbose = false, $bIgnoreError
     }
 
     if (!$bVerbose) {
-        fwrite($ahPipes[0], "set client_min_messages to WARNING;");
+        fwrite($ahPipes[0], 'set client_min_messages to WARNING;');
     }
 
     while (strlen($sScript)) {