Diffstat (limited to 'modules/gallery/controllers/packager.php')
-rw-r--r--modules/gallery/controllers/packager.php11
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php
index 2d3249ed..d7e3cf41 100644
--- a/modules/gallery/controllers/packager.php
+++ b/modules/gallery/controllers/packager.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2012 Bharat Mediratta
+ * Copyright (C) 2000-2013 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -88,14 +88,17 @@ class Packager_Controller extends Controller {
$dbconfig = Kohana::config('database.default');
$conn = $dbconfig["connection"];
- $pass = $conn["pass"] ? "-p{$conn['pass']}" : "";
$sql_file = DOCROOT . "installer/install.sql";
if (!is_writable($sql_file)) {
print "$sql_file is not writeable";
return;
}
- $command = "mysqldump --compact --skip-extended-insert --add-drop-table -h{$conn['host']} " .
- "-u{$conn['user']} $pass {$conn['database']} > $sql_file";
+ $command = sprintf(
+ "mysqldump --compact --skip-extended-insert --add-drop-table %s %s %s %s > $sql_file",
+ escapeshellarg("-h{$conn['host']}"),
+ escapeshellarg("-u{$conn['user']}"),
+ $conn['pass'] ? escapeshellarg("-p{$conn['pass']}") : "",
+ escapeshellarg($conn['database']));
exec($command, $output, $status);
if ($status) {
print "<pre>";
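Review bot: The redirect target is still interpolated raw (`> $sql_file"`), and it now sits inside the sprintf() format string, so a `%` in DOCROOT would be parsed as a conversion and a space or shell metacharacter in the path would reach the shell unquoted. Pass it as a fifth argument instead: end the format with `%s %s %s %s > %s",` and add `escapeshellarg($sql_file)` after the database argument. Separately, the password is still passed as `-p…` on the mysqldump command line, where other local users can read it from the process list while the dump runs; an option file passed with `--defaults-extra-file` and readable only by the web server user avoids that. The enclosing method starts and ends outside this hunk, so what is done with `$command` after a non-zero `$status` is not visible here.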