mysqldump command line fails when password includes shell metacharacters | Report Bugs | Free Forums

mysqldump command line fails when password includes shell metacharacters
April 16, 2012
12:44 am
Guest

Hi,

In XCloner 3.1 the mysqldump command line construction is not safe when shell metacharacters are part of the password. For example, a password starting with or including ">" will be truncated at that character and the output redirected to a file consisting of the remains of the password. To correct this, cloner.functions.php, line 1971 could be changed to:

exec($_CONFIG['sqldump'] . " -h " . $_CONFIG['mysql_host'] . " -u " . $_CONFIG['mysql_user'] . " --password='" . $_CONFIG['mysql_pass'] . "' " . $dbname . " > " . $sqlfile . " $drop --allow-keywords " . $ex_dump);

Note that the password is now included in single quotes, which will defuse the metacharacters *EXCEPT FOR A SINGLE QUOTE*. I don't know what the right PHP function is to sanitise a string that may include a single quote, and render it as "\'" (backslash single-quote). Note that the other fields should be relatively safe from this problem; host names and user names don't normally use characters that are part of the shell metacharacter set (dollar, brackets of various types, less than and greater than symbols, ampersand, bang, pipe, semicolon, asterisk, question mark and single, double and back quotes).
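The PHP function the post asks about is escapeshellarg(). The following is an added example, not part of the original post and not XCloner's code, that quotes every variable part of the command with it and prints the result next to the manual single-quote form. It assumes a POSIX shell; the config values, the build_dump_command() helper and the option list are constructed for illustration.

```php
<?php
// Added example, not XCloner code. All values below are constructed samples.
$_CONFIG = [
    'sqldump'    => 'mysqldump',
    'mysql_host' => 'localhost',
    'mysql_user' => 'backup',
    'mysql_pass' => 's3>cr\'et$&;|',          // contains > ' $ & ; |
];
$dbname  = 'wordpress';
$sqlfile = '/tmp/backup dir/dump.sql';        // path containing a space

/**
 * Hypothetical helper: build the mysqldump command line with every
 * variable part passed through escapeshellarg(). On a POSIX shell this
 * wraps the value in single quotes and rewrites each embedded ' as '\''.
 */
function build_dump_command(array $cfg, string $dbname, string $sqlfile, array $options = []): string
{
    $parts = [
        escapeshellarg($cfg['sqldump']),
        '-h', escapeshellarg($cfg['mysql_host']),
        '-u', escapeshellarg($cfg['mysql_user']),
        '--password=' . escapeshellarg($cfg['mysql_pass']),
        '--allow-keywords',
    ];
    foreach ($options as $opt) {              // one option per array element
        $parts[] = escapeshellarg($opt);
    }
    $parts[] = escapeshellarg($dbname);
    // The redirect target is quoted as well, so the path cannot alter the command.
    return implode(' ', $parts) . ' > ' . escapeshellarg($sqlfile);
}

// Manual single quotes, as in the post: the ' inside the password ends the quoting early.
$manual = "--password='" . $_CONFIG['mysql_pass'] . "'";
// escapeshellarg(): the same password stays one shell word.
$escaped = '--password=' . escapeshellarg($_CONFIG['mysql_pass']);

echo "manual : $manual", PHP_EOL;
echo "escaped: $escaped", PHP_EOL;

$cmd = build_dump_command($_CONFIG, $dbname, $sqlfile, ['--add-drop-table']);
echo $cmd, PHP_EOL;
// To run the dump: exec($cmd, $output, $status); then check that $status === 0.
```

Quoting fixes the parsing problem, but a password given on the command line is still visible in the process list while mysqldump runs. Putting it in an option file with restrictive permissions and passing that file with --defaults-extra-file avoids this.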

Forum Timezone: UTC 0
