authorBharat Mediratta <bharat@menalto.com>2013-01-31 16:29:09 -0500
committerBharat Mediratta <bharat@menalto.com>2013-01-31 16:29:09 -0500
commitea54a88ec8d3c6e412f5efda58601006af1cf86c (patch)
tree2ca9be1515e3aefa3bf9af6869cfdabe736d19e5 /modules
parent107735ffc42bd761e28cbfc79f59aa23c1bcbc2a (diff)
Escape the host/username/password arguments to mysqldump. Fixes #1984.
Diffstat (limited to 'modules')
-rw-r--r--modules/gallery/controllers/packager.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index c48965b5..d7e3cf41 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -88,14 +88,17 @@ class Packager_Controller extends Controller {
$dbconfig = Kohana::config('database.default');
$conn = $dbconfig["connection"];
- $pass = $conn["pass"] ? "-p{$conn['pass']}" : "";
$sql_file = DOCROOT . "installer/install.sql";
if (!is_writable($sql_file)) {
print "$sql_file is not writeable";
return;
}
- $command = "mysqldump --compact --skip-extended-insert --add-drop-table -h{$conn['host']} " .
- "-u{$conn['user']} $pass {$conn['database']} > $sql_file";
+ $command = sprintf(
+ "mysqldump --compact --skip-extended-insert --add-drop-table %s %s %s %s > $sql_file",
+ escapeshellarg("-h{$conn['host']}"),
+ escapeshellarg("-u{$conn['user']}"),
+ $conn['pass'] ? escapeshellarg("-p{$conn['pass']}") : "",
+ escapeshellarg($conn['database']));
exec($command, $output, $status);
if ($status) {
print "<pre>";
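Review bot: The redirect target is still interpolated raw into the shell string: `$sql_file` is built from `DOCROOT` and pasted after `>` inside the `sprintf` format, so an install path containing a space or a shell metacharacter breaks or alters the command even though the four connection values are now quoted. Give it the same treatment by ending the format with `> %s` and passing `escapeshellarg($sql_file)` as the last argument. Separately, the password still travels in mysqldump's argument list (`-p…`), where other local users can read it from the process table while the dump runs; a temporary option file readable only by the web server user, passed as the first option via `--defaults-extra-file`, avoids that. The enclosing method starts before the hunk and the `if ($status)` failure branch continues past it; if that branch prints `$command`, it would echo the password into the page, so that is worth checking.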