[Pkg-cacti-maint] Bug#710331: cacti: Mishandling of double-quotes in password

Paul Gevers elbrus at debian.org
Sat Jul 13 13:22:01 UTC 2013


clone 710331 -1
reassign -1 dbconfig-common
retitle -1 special characters should be escaped when used in templates
block 710331 by -1
retitle 710331 cacti: no special character handling in configuration
thanks

Cacti uses dbconfig-common to configure the cacti database connection.
However, as far as I can tell dbconfig-common doesn't do anything to
ensure proper handling of special characters in strings. If I have a
password for my database containing special characters, I get them all
as they were, making the procedure impossible to use with templates.

E.g. the following line ends up exactly like it is:
x" '\
making either " or ' as string delimiters (or no delimiters) in php or
sh not doing the right thing. Of course the proper escaping depends on
the language of the template, e.g. for sh the above line could be
escaped as:
'x" '\''\' or with a lot more care to take all variations into account:
"x\" '\\"
for php, it needs to be something like
'x" \'\\' or "x\" '\\"
and probably for other languages even something different.

Of course, the template in cacti should not contain the quotes anymore
when dbconfig-common escapes the strings properly. So I clone the bug
accordingly.
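
The per-language escaping described in the message above, as an added example that is not part of the original post and not dbconfig-common's code. The function names and the `dbpass=` template line are hypothetical; only single-quoted sh and single-quoted PHP strings are covered.

```shell
#!/bin/sh
# Added example: escape a value for the language of the template it is
# substituted into. The template itself carries no quotes around the
# placeholder; the escaper supplies them.
# Limitation: trailing newlines in the value are dropped by $(...).

# POSIX sh: wrap in single quotes, turn each embedded ' into '\''
# (close the quote, emit an escaped quote, reopen the quote).
escape_sh() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# PHP single-quoted string: only \ and ' are special there.
# Double the backslashes first, then escape the single quotes.
escape_php() {
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g")"
}

# Render a one-line sh config (constructed template line).
render_sh() {
    printf 'dbpass=%s\n' "$(escape_sh "$1")"
}

# Evaluate the rendered line in a subshell and return what sh parsed,
# to check that the value survives unchanged and nothing is executed.
roundtrip_sh() {
    ( eval "$(render_sh "$1")"; printf '%s' "$dbpass" )
}

# The sample value from the report: x" '\
sample='x" '\''\'
printf 'sh : %s\n' "$(escape_sh "$sample")"
printf 'php: %s\n' "$(escape_php "$sample")"
```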

