From d9da5cf0848846e9d793f6b476fba63e65741032 Mon Sep 17 00:00:00 2001 From: Richard C Isaacson Date: Wed, 12 Mar 2014 22:15:56 -0500 Subject: [PATCH 1/2] Shell updates. --- database/mysql_db | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/database/mysql_db b/database/mysql_db index 622bf59a39f..2fc32914082 100644 --- a/database/mysql_db +++ b/database/mysql_db @@ -101,6 +101,7 @@ EXAMPLES = ''' import ConfigParser import os +import pipes try: import MySQLdb except ImportError: @@ -123,36 +124,36 @@ def db_delete(cursor, db): def db_dump(module, host, user, password, db_name, target, port, socket=None): cmd = module.get_bin_path('mysqldump', True) - cmd += " --quick --user=%s --password='%s'" %(user, password) + cmd += " --quick --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password)) if socket is not None: - cmd += " --socket=%s" % socket + cmd += " --socket=%s" % pipes.quote(socket) else: - cmd += " --host=%s --port=%s" % (host, port) - cmd += " %s" % db_name + cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes(port)) + cmd += " %s" % pipes.quote(db_name) if os.path.splitext(target)[-1] == '.gz': - cmd = cmd + ' | gzip > ' + target + cmd = cmd + ' | gzip > ' + pipes.quote(target) elif os.path.splitext(target)[-1] == '.bz2': - cmd = cmd + ' | bzip2 > ' + target + cmd = cmd + ' | bzip2 > ' + pipes.quote(target) else: - cmd += " > %s" % target - rc, stdout, stderr = module.run_command(cmd) + cmd += " > %s" % pipes.quote(target) + rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True) return rc, stdout, stderr def db_import(module, host, user, password, db_name, target, port, socket=None): cmd = module.get_bin_path('mysql', True) - cmd += " --user=%s --password='%s'" %(user, password) + cmd += " --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password)) if socket is not None: - cmd += " --socket=%s" % socket + cmd += " --socket=%s" % pipes.quote(socket) else: - cmd += " --host=%s --port=%s" % (host, port) - cmd += " -D %s" % db_name + cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port)) + cmd += " -D %s" % pipes.quote(db_name) if os.path.splitext(target)[-1] == '.gz': - cmd = 'gunzip < ' + target + ' | ' + cmd + cmd = 'gunzip < ' + pipes.quote(target) + ' | ' + cmd elif os.path.splitext(target)[-1] == '.bz2': - cmd = 'bunzip2 < ' + target + ' | ' + cmd + cmd = 'bunzip2 < ' + pipes.quote(target) + ' | ' + cmd else: - cmd += " < %s" % target - rc, stdout, stderr = module.run_command(cmd) + cmd += " < %s" % pipes.quote(target) + rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True) return rc, stdout, stderr def db_create(cursor, db, encoding, collation): From 122917019c4cd93838cdab285633e3b66ac21312 Mon Sep 17 00:00:00 2001 From: Richard C Isaacson Date: Wed, 12 Mar 2014 23:25:22 -0500 Subject: [PATCH 2/2] mysql_db module: typo fix Tests clean. --- database/mysql_db | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/database/mysql_db b/database/mysql_db index 2fc32914082..c9fd5b4e087 100644 --- a/database/mysql_db +++ b/database/mysql_db @@ -128,7 +128,7 @@ def db_dump(module, host, user, password, db_name, target, port, socket=None): if socket is not None: cmd += " --socket=%s" % pipes.quote(socket) else: - cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes(port)) + cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port)) cmd += " %s" % pipes.quote(db_name) if os.path.splitext(target)[-1] == '.gz': cmd = cmd + ' | gzip > ' + pipes.quote(target)