From 7f5e48014d673e33a4511c4eb2ce6fe6aa0748cb Mon Sep 17 00:00:00 2001
From: Jay Trees <github@grandels.email>
Date: Mon, 10 Mar 2025 12:08:49 +0100
Subject: [PATCH] feat: refuse database testing after installation

---
 changelogs/unreleased.md  | 2 +-
 src/api/database-test.php | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/changelogs/unreleased.md b/changelogs/unreleased.md
index bd299d6e..843801f0 100644
--- a/changelogs/unreleased.md
+++ b/changelogs/unreleased.md
@@ -22,4 +22,4 @@
 
 ### Security
 
--   Nothing
+-   Added a check to disable database testing (`/index.php?page=api&module=database-test`) after wishthis has been installed - Thanks [@kumitterer](https://github.com/kumitterer)!
diff --git a/src/api/database-test.php b/src/api/database-test.php
index e57d6ec4..e8c2e50c 100644
--- a/src/api/database-test.php
+++ b/src/api/database-test.php
@@ -10,6 +10,14 @@ namespace wishthis;
 
 global $page, $database;
 
+if (isset($database) && $database) {
+    echo __('Refused to test database connection after installation.');
+
+    $response['dbTestSuccess'] = false;
+
+    return;
+}
+
 switch ($_SERVER['REQUEST_METHOD']) {
     case 'POST':
         $success = false;