From 25609d0b253b24bda4db407a97fc0a4f3ede4d8c Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Tue, 20 Sep 2011 12:32:40 +0530 Subject: [PATCH 1/3] allow escape characters in password --- cgi-bin/webnotes/model/db_schema.py | 5 ++++- cgi-bin/webnotes/utils/__init__.py | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cgi-bin/webnotes/model/db_schema.py b/cgi-bin/webnotes/model/db_schema.py index e1e02058d2..eb9f73f36f 100644 --- a/cgi-bin/webnotes/model/db_schema.py +++ b/cgi-bin/webnotes/model/db_schema.py @@ -357,8 +357,11 @@ class DbManager: mysql_path = getattr(webnotes.defs, 'mysql_path', None) mysql = mysql_path and os.path.join(mysql_path, 'mysql') or 'mysql' + from webnotes.utils import make_esc + esc = make_esc('$ ') + try: - ret = os.system("%s -u root -p%s %s < %s"%(mysql, root_password.replace(" ", "\ "), target.replace("$", "\$"), source)) + ret = os.system("%s -u root -p%s %s < %s"%(mysql, esc(root_password), esc(target), source)) except Exception,e: raise e diff --git a/cgi-bin/webnotes/utils/__init__.py b/cgi-bin/webnotes/utils/__init__.py index 6e342f1802..b3d044d7dd 100644 --- a/cgi-bin/webnotes/utils/__init__.py +++ b/cgi-bin/webnotes/utils/__init__.py @@ -636,6 +636,10 @@ def get_file_timestamp(fn): else: return None - +def make_esc(esc_chars): + """ + Function generator for Escaping special characters + """ + return lambda s: ''.join(['\\' + c if c in esc_chars else c for c in s]) From 77fc4886ab8709e1c3ec8a5b40a24e3afe666aac Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Wed, 21 Sep 2011 12:02:31 +0530 Subject: [PATCH 2/3] Allow db names containing char $ --- cgi-bin/webnotes/utils/backups.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cgi-bin/webnotes/utils/backups.py b/cgi-bin/webnotes/utils/backups.py index 26e1f98771..db34c8f38b 100644 --- a/cgi-bin/webnotes/utils/backups.py +++ b/cgi-bin/webnotes/utils/backups.py @@ -24,7 +24,7 @@ class BackupGenerator: If specifying db_file_name, also append ".sql.gz" """ def __init__(self, db_name, user, password, db_file_name=None): - self.db_name = db_name + self.db_name = db_name.replace('$', '\$') self.user = user self.password = password self.db_file_name = db_file_name and db_file_name \ From 37009b6e7d075719b99c93ca4425eed5aebe9e2e Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Wed, 21 Sep 2011 12:27:56 +0530 Subject: [PATCH 3/3] os.stat takes parameter path without escaping special characters. Hence, had to un-escape the db file name to check the time stamps --- cgi-bin/webnotes/utils/backups.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cgi-bin/webnotes/utils/backups.py b/cgi-bin/webnotes/utils/backups.py index db34c8f38b..5c74ffe618 100644 --- a/cgi-bin/webnotes/utils/backups.py +++ b/cgi-bin/webnotes/utils/backups.py @@ -28,7 +28,7 @@ class BackupGenerator: self.user = user self.password = password self.db_file_name = db_file_name and db_file_name \ - or (os.path.join(backup_path, db_name + ".sql.gz")) + or (os.path.join(backup_path, self.db_name + ".sql.gz")) def take_dump(self): """ @@ -88,7 +88,7 @@ class BackupGenerator: Also, a new backup will be available for download (if requested)\ only after 24 hours.""" % {"file_url":file_url} - datetime_str = datetime.fromtimestamp(os.stat(self.db_file_name).st_ctime) + datetime_str = datetime.fromtimestamp(os.stat(self.db_file_name.replace('\$', '$')).st_ctime) subject = datetime_str.strftime("%d/%m/%Y %H:%M:%S") + """ - Backup ready to be downloaded""" sendmail(recipients=recipient_list, msg=msg, subject=subject)