Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Escape the host/username/password arguments to mysqldump. Fixes #1984.

  • Loading branch information...
commit ea54a88ec8d3c6e412f5efda58601006af1cf86c 1 parent 107735f
@bharat bharat authored
Showing with 6 additions and 3 deletions.
  1. +6 −3 modules/gallery/controllers/packager.php
View
9 modules/gallery/controllers/packager.php
@@ -88,14 +88,17 @@ private function _dump_database() {
$dbconfig = Kohana::config('database.default');
$conn = $dbconfig["connection"];
- $pass = $conn["pass"] ? "-p{$conn['pass']}" : "";
$sql_file = DOCROOT . "installer/install.sql";
if (!is_writable($sql_file)) {
print "$sql_file is not writeable";
return;
}
- $command = "mysqldump --compact --skip-extended-insert --add-drop-table -h{$conn['host']} " .
- "-u{$conn['user']} $pass {$conn['database']} > $sql_file";
+ $command = sprintf(
+ "mysqldump --compact --skip-extended-insert --add-drop-table %s %s %s %s > $sql_file",
+ escapeshellarg("-h{$conn['host']}"),
+ escapeshellarg("-u{$conn['user']}"),
+ $conn['pass'] ? escapeshellarg("-p{$conn['pass']}") : "",
+ escapeshellarg($conn['database']));
exec($command, $output, $status);
if ($status) {
print "<pre>";
Please sign in to comment.
Something went wrong with that request. Please try again.