Changed the input option for database-port to required when parameter was provided.

Added casting database port to int for input sanitation in pgsql and oci connections.

core/Command/Maintenance/Install.php

@@ -50,7 +50,7 @@ class Install extends Command {
 			->addOption('database', null, InputOption::VALUE_REQUIRED, 'Supported database type', 'sqlite')
 			->addOption('database-name', null, InputOption::VALUE_REQUIRED, 'Name of the database')
 			->addOption('database-host', null, InputOption::VALUE_REQUIRED, 'Hostname of the database', 'localhost')
-			->addOption('database-port', null, InputOption::VALUE_OPTIONAL, 'Port the database is listening on')
+			->addOption('database-port', null, InputOption::VALUE_REQUIRED, 'Port the database is listening on')
 			->addOption('database-user', null, InputOption::VALUE_REQUIRED, 'User name to connect to the database')
 			->addOption('database-pass', null, InputOption::VALUE_OPTIONAL, 'Password of the database user', null)
 			->addOption('database-table-prefix', null, InputOption::VALUE_OPTIONAL, 'Prefix for all tables (default: oc_)', null)

lib/private/Setup/OCI.php

@@ -63,8 +63,8 @@ class OCI extends AbstractDatabase {
 
 	public function setupDatabase($username) {
 		$e_host = addslashes($this->dbHost);
-		// adding slashes for security reasons
-		$e_port = addslashes($this->dbPort);
+		// casting to int to avoid malicious input
+		$e_port = (int)$this->dbPort;
 		$e_dbname = addslashes($this->dbName);
 		//check if the database user has admin right
 		if ($e_host == '') {

lib/private/Setup/PostgreSQL.php

@@ -36,8 +36,8 @@ class PostgreSQL extends AbstractDatabase {
 
 		// adding port support through installer
 		if(!empty($this->dbPort)) {
-			// adding slashes for security reasons
-			$port = addslashes($this->dbPort);
+			// casting to int to avoid malicious input
+			$port = (int)$this->dbPort;
 		} else if(strpos($e_host, ':')) {
 			list($e_host, $port)=explode(':', $e_host, 2);
 		} else {