diff --git a/library/database/mysql_db b/library/database/mysql_db index 622bf59a39..c9fd5b4e08 100644 --- a/library/database/mysql_db +++ b/library/database/mysql_db @@ -101,6 +101,7 @@ EXAMPLES = ''' import ConfigParser import os +import pipes try: import MySQLdb except ImportError: @@ -123,36 +124,36 @@ def db_delete(cursor, db): def db_dump(module, host, user, password, db_name, target, port, socket=None): cmd = module.get_bin_path('mysqldump', True) - cmd += " --quick --user=%s --password='%s'" %(user, password) + cmd += " --quick --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password)) if socket is not None: - cmd += " --socket=%s" % socket + cmd += " --socket=%s" % pipes.quote(socket) else: - cmd += " --host=%s --port=%s" % (host, port) - cmd += " %s" % db_name + cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port)) + cmd += " %s" % pipes.quote(db_name) if os.path.splitext(target)[-1] == '.gz': - cmd = cmd + ' | gzip > ' + target + cmd = cmd + ' | gzip > ' + pipes.quote(target) elif os.path.splitext(target)[-1] == '.bz2': - cmd = cmd + ' | bzip2 > ' + target + cmd = cmd + ' | bzip2 > ' + pipes.quote(target) else: - cmd += " > %s" % target - rc, stdout, stderr = module.run_command(cmd) + cmd += " > %s" % pipes.quote(target) + rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True) return rc, stdout, stderr def db_import(module, host, user, password, db_name, target, port, socket=None): cmd = module.get_bin_path('mysql', True) - cmd += " --user=%s --password='%s'" %(user, password) + cmd += " --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password)) if socket is not None: - cmd += " --socket=%s" % socket + cmd += " --socket=%s" % pipes.quote(socket) else: - cmd += " --host=%s --port=%s" % (host, port) - cmd += " -D %s" % db_name + cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port)) + cmd += " -D %s" % pipes.quote(db_name) if os.path.splitext(target)[-1] == '.gz': - cmd = 'gunzip < ' + target + ' | ' + cmd + cmd = 'gunzip < ' + pipes.quote(target) + ' | ' + cmd elif os.path.splitext(target)[-1] == '.bz2': - cmd = 'bunzip2 < ' + target + ' | ' + cmd + cmd = 'bunzip2 < ' + pipes.quote(target) + ' | ' + cmd else: - cmd += " < %s" % target - rc, stdout, stderr = module.run_command(cmd) + cmd += " < %s" % pipes.quote(target) + rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True) return rc, stdout, stderr def db_create(cursor, db, encoding, collation):