Merge pull request #34 from grizooo/fix/escapePassword

BUGFIX: Fix escaping of passwords with characters that habe special meaning on the shell
sitegeist · Sep 11, 2019 · 7742e94 · 7742e94
2 parents 57bee55 + 2e2e3b0
commit 7742e94
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/Classes/DBAL/SimpleDBAL.php b/Classes/DBAL/SimpleDBAL.php
@@ -22,9 +22,9 @@ class SimpleDBAL {
     public function buildCmd(string $driver, ?string $host, int $port, string $username, string $password, string $database): string
     {
         if ($driver === 'pdo_mysql') {
-            return sprintf('mysql --host=%s --port=%s --user=%s --password=%s %s', escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($password), escapeshellarg($database));
+            return sprintf('mysql --host=%s --port=%s --user=%s --password=\'"\'"%s"\'"\'', escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($password), escapeshellarg($database));
         } else if ($driver === 'pdo_pgsql') {
-            return sprintf('PGOPTIONS=--client-min-messages=warning PGPASSWORD=%s psql --quiet --host=%s --port=%s --username=%s --dbname=%s', escapeshellarg($password), escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($database));
+            return sprintf('PGOPTIONS=--client-min-messages=warning PGPASSWORD=\'"\'"%s"\'"\' psql --quiet --host=%s --port=%s --username=%s --dbname=%s', escapeshellarg($password), escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($database));
         }
     }
 
@@ -40,9 +40,9 @@ public function buildCmd(string $driver, ?string $host, int $port, string $usern
     public function buildDumpCmd(string $driver, ?string $host, int $port, string $username, string $password, string $database): string
     {
         if ($driver === 'pdo_mysql') {
-            return sprintf('mysqldump --single-transaction --add-drop-table --host=%s --port=%d --user=%s --password=%s %s', escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($password), escapeshellarg($database));
+            return sprintf('mysqldump --single-transaction --add-drop-table --host=%s --port=%d --user=%s --password=\'"\'"%s"\'"\' %s', escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($password), escapeshellarg($database));
         } else if ($driver === 'pdo_pgsql') {
-            return sprintf('PGPASSWORD=%s pg_dump --host=%s --port=%s --username=%s --dbname=%s --schema=public --no-owner --no-privileges', escapeshellarg($password), escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($database));
+            return sprintf('PGPASSWORD=\'"\'"%s"\'"\' pg_dump --host=%s --port=%s --username=%s --dbname=%s --schema=public --no-owner --no-privileges', escapeshellarg($password), escapeshellarg($host), escapeshellarg($port), escapeshellarg($username), escapeshellarg($database));
         }
     }