From ea54a88ec8d3c6e412f5efda58601006af1cf86c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 31 Jan 2013 16:29:09 -0500 Subject: Escape the host/username/password arguments to mysqldump. Fixes #1984. --- modules/gallery/controllers/packager.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php index c48965b5..d7e3cf41 100644 --- a/modules/gallery/controllers/packager.php +++ b/modules/gallery/controllers/packager.php @@ -88,14 +88,17 @@ class Packager_Controller extends Controller { $dbconfig = Kohana::config('database.default'); $conn = $dbconfig["connection"]; - $pass = $conn["pass"] ? "-p{$conn['pass']}" : ""; $sql_file = DOCROOT . "installer/install.sql"; if (!is_writable($sql_file)) { print "$sql_file is not writeable"; return; } - $command = "mysqldump --compact --skip-extended-insert --add-drop-table -h{$conn['host']} " . - "-u{$conn['user']} $pass {$conn['database']} > $sql_file"; + $command = sprintf( + "mysqldump --compact --skip-extended-insert --add-drop-table %s %s %s %s > $sql_file", + escapeshellarg("-h{$conn['host']}"), + escapeshellarg("-u{$conn['user']}"), + $conn['pass'] ? escapeshellarg("-p{$conn['pass']}") : "", + escapeshellarg($conn['database'])); exec($command, $output, $status); if ($status) { print "
";
-- 
cgit v1.2.3