From dacef1915ac1ec88400ac69b6c37156a81ac5602 Mon Sep 17 00:00:00 2001 From: Jim Kleckner Date: Thu, 2 Jan 2014 12:04:03 -0800 Subject: [PATCH] Add quotes to password argument for dump/import The password is passed on a command line for dump and import and needs quoting. Ideally, this would not be passed on a command line at all - any ideas? Or at least have a stronger form of quoting so that embedded single quotes will be escaped. --- library/database/mysql_db | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/database/mysql_db b/library/database/mysql_db index b6fbe5f83f..cf98701115 100644 --- a/library/database/mysql_db +++ b/library/database/mysql_db @@ -118,7 +118,7 @@ def db_delete(cursor, db): def db_dump(module, host, user, password, db_name, target, port, socket=None): cmd = module.get_bin_path('mysqldump', True) - cmd += " --quick --user=%s --password=%s" %(user, password) + cmd += " --quick --user=%s --password='%s'" %(user, password) if socket is not None: cmd += " --socket=%s" % socket else: @@ -135,7 +135,7 @@ def db_dump(module, host, user, password, db_name, target, port, socket=None): def db_import(module, host, user, password, db_name, target, port, socket=None): cmd = module.get_bin_path('mysql', True) - cmd += " --user=%s --password=%s" %(user, password) + cmd += " --user=%s --password='%s'" %(user, password) if socket is not None: cmd += " --socket=%s" % socket else: