detaint command before performing backup. Fixes #2945
This commit is contained in:
parent
20870e22fa
commit
a7ef8e3dc8
|
@ -384,21 +384,22 @@ if ( $version ) {
|
|||
my $command = 'mysqldump';
|
||||
if ( defined($portOrSocket) ) {
|
||||
if ( $portOrSocket =~ /^\// ) {
|
||||
$command .= " -S".$portOrSocket;
|
||||
$command .= ' -S'.$portOrSocket;
|
||||
} else {
|
||||
$command .= " -h".$host." -P".$portOrSocket;
|
||||
$command .= ' -h'.$host.' -P'.$portOrSocket;
|
||||
}
|
||||
} else {
|
||||
$command .= " -h".$host;
|
||||
$command .= ' -h'.$host;
|
||||
}
|
||||
if ( $dbUser ) {
|
||||
$command .= ' -u'.$dbUser;
|
||||
$command .= ' -p"'.$dbPass.'"' if $dbPass;
|
||||
}
|
||||
my $backup = "@ZM_TMPDIR@/".$Config{ZM_DB_NAME}."-".$version.".dump";
|
||||
$command .= " --add-drop-table --databases ".$Config{ZM_DB_NAME}." > ".$backup;
|
||||
my $backup = '@ZM_TMPDIR@/'.$Config{ZM_DB_NAME}.'-'.$version.'.dump';
|
||||
$command .= ' --add-drop-table --databases '.$Config{ZM_DB_NAME}.' > '.$backup;
|
||||
print("Creating backup to $backup. This may take several minutes.\n");
|
||||
print( "Executing '$command'\n" ) if ( logDebugging() );
|
||||
($command) = $command =~ /(.*)/; # detaint
|
||||
print("Executing '$command'\n") if logDebugging();
|
||||
my $output = qx($command);
|
||||
my $status = $? >> 8;
|
||||
if ( $status || logDebugging() ) {
|
||||
|
|
Loading…
Reference in New Issue