-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
makeservices: makemysql automatic wp db pass #129
Conversation
This approach breaks an important constraint of our current system-- we don't want users to be able to choose their database passwords. How I would recommend doing it: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's also a SQL injection issue here, in that accepting user input and then running a SQL query without using a prepared statement or other safeguard means that arbitrary queries can be made, which would be a big problem.
makeservices/makemysql
Outdated
|
||
PASS=$(sudo -u mysql /opt/share/utils/makeservices/makemysql-real | tee /dev/tty | tail -n 1 | grep -Po '(?<=: )([0-9a-zA-Z]){24,}$') | ||
cd ~/public_html/ | ||
wp config set DB_PASSWORD "$PASS" > /dev/null 2>&1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are you throwing out this error? Silent failures can create a lot of confusion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted to make sure the script didn't interfere with other scripts that use the makemysql command. Ill modify to only throw out the stdout
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, that's a good point, stripping stdout is probably OK here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me, I would add a comment before the cd ~/public_html
line saying that you are changing the wordpress database password.
please make sure to squash commits before merging them. also, makemysql is used in more contexts than /just/ updating WordPress passwords - I don't use WordPress for example, but I do use my OCF MySQL instance for other reasons. This is nominally safe, but should probably prompt to accept before running commands against someone's WordPress install. |
This commit consists 18 commits in total, earliest one dating back to May 2020, intended to fix chain reactions caused by #129. This commit: 1. Changed `makemysql-real`, allowing it to output only the password and nothing else if a specific argument is given 2. Changed `makemysql`, allowing it to correctly fetch password printed by `makemysql-real`, allowing it to be silent if no wordpress installation is found, allowing it to not change wordpress password if a specific argument is given, and allowing it to output only the password and nothing else if a specific argument is given. 3. Changed `easywp` so that it is compatible with the updated `makemysql`. Hopefully, this will not break ocf infra. 18 commits: * rewrote so that it might work * idk wat autopep8 changed/suggested i followed its advice * forgot to add the messages * Added argument parsing and non-human-friendly output * Squashed two commits redirected some stuff to stderr fix stupid mistakes for makemysql-real * updated all three scripts so that they support some silent arguments and make things fancy but they might not work as I didn't test it * fix stupid bugs made in 3cac9d4 * fix pre-commit problem made in 3cac9d4 * Wrapper for if silent * Fixed a stupid logical mistake and added some stuff in bash scripts; did not run pre commit yet * Applied @kpengboy's suggestions 1. Changed --silent to --quiet 2. Disable `set -e` at places where error-handling exists 3. Added some more instructions 4. Removed some redundant stuff, but idk if this will blow stuff up * Bug: if quite is specified, do not ask if user wants to proceed. * Indentation Errors * Fix, silent should be global variable * Fixed some bugs in easywp * fix comment * fix so precommit pass * more to squash
This commit consists 18 commits in total, earliest one dating back to May 2020, intended to fix chain reactions caused by #129. This commit: 1. Changed `makemysql-real`, allowing it to output only the password and nothing else if a specific argument is given 2. Changed `makemysql`, allowing it to correctly fetch password printed by `makemysql-real`, allowing it to be silent if no wordpress installation is found, allowing it to not change wordpress password if a specific argument is given, and allowing it to output only the password and nothing else if a specific argument is given. 3. Changed `easywp` so that it is compatible with the updated `makemysql`. Hopefully, this will not break ocf infra. 18 commits: * rewrote so that it might work * idk wat autopep8 changed/suggested i followed its advice * forgot to add the messages * Added argument parsing and non-human-friendly output * Squashed two commits redirected some stuff to stderr fix stupid mistakes for makemysql-real * updated all three scripts so that they support some silent arguments and make things fancy but they might not work as I didn't test it * fix stupid bugs made in 3cac9d4 * fix pre-commit problem made in 3cac9d4 * Wrapper for if silent * Fixed a stupid logical mistake and added some stuff in bash scripts; did not run pre commit yet * Applied @kpengboy's suggestions 1. Changed --silent to --quiet 2. Disable `set -e` at places where error-handling exists 3. Added some more instructions 4. Removed some redundant stuff, but idk if this will blow stuff up * Bug: if quite is specified, do not ask if user wants to proceed. * Indentation Errors * Fix, silent should be global variable * Fixed some bugs in easywp * fix comment * fix so precommit pass * more to squash
Modified makemysql and makemysql-real to automatically update wp db pass if pass is reset