From c4c92ec285dabafeda926020f106f5a04dab247a Mon Sep 17 00:00:00 2001 From: scasei Date: Sun, 24 Jan 2016 12:36:33 +0100 Subject: [PATCH 1/6] add / escape args for paths --- Processor/TarProcessor.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Processor/TarProcessor.php b/Processor/TarProcessor.php index cfae60b..29542d5 100644 --- a/Processor/TarProcessor.php +++ b/Processor/TarProcessor.php @@ -2,6 +2,8 @@ namespace Dizda\CloudBackupBundle\Processor; +use Symfony\Component\Process\ProcessUtils; + class TarProcessor extends BaseProcessor implements ProcessorInterface { /** @@ -27,9 +29,9 @@ public function getCompressionCommand($archivePath, $basePath) return sprintf('tar %s c -C %s . | gzip %s > %s', implode(' ', $tarParams), - $basePath, + ProcessUtils::escapeArgument($basePath), implode(' ', $zipParams), - $archivePath + ProcessUtils::escapeArgument($archivePath) ); } From 560ef8f1d49eb67a22df7d93bd630274dce669f0 Mon Sep 17 00:00:00 2001 From: scasei Date: Sun, 24 Jan 2016 12:37:32 +0100 Subject: [PATCH 2/6] add / escape args for paths --- Database/MySQL.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Database/MySQL.php b/Database/MySQL.php index 738db71..341dd2a 100644 --- a/Database/MySQL.php +++ b/Database/MySQL.php @@ -1,6 +1,8 @@ auth, $this->database, $this->ignoreTables, - $this->dataPath.$this->fileName); + ProcessUtils::escapeArgument($this->dataPath.$this->fileName) + ); } /** From 71e5a8c68de9306475173b6d000c0ae5172da2d6 Mon Sep 17 00:00:00 2001 From: scasei Date: Sun, 24 Jan 2016 12:49:41 +0100 Subject: [PATCH 3/6] add / escape args for paths --- Tests/Database/MySQLTest.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Tests/Database/MySQLTest.php b/Tests/Database/MySQLTest.php index 0c0e7ab..b278589 100644 --- a/Tests/Database/MySQLTest.php +++ b/Tests/Database/MySQLTest.php @@ -25,7 +25,7 @@ public function shouldDumpAllDatabases() ), ), '/var/backup/'); - $this->assertEquals($mysql->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" --all-databases > /var/backup/mysql/all-databases.sql"); + $this->assertEquals($mysql->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" --all-databases > '/var/backup/mysql/all-databases.sql'"); } /** @@ -55,7 +55,7 @@ public function shouldDumpSpecifiedDatabase() ), ), '/var/backup/'); - $this->assertEquals($mysql1->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" dizbdd > /var/backup/mysql/dizbdd.sql"); + $this->assertEquals($mysql1->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" dizbdd > '/var/backup/mysql/dizbdd.sql'"); $this->assertEquals($mysql2->getCommand(), "mysqldump --host=\"somehost\" --port=\"2222\" --user=\"mysql\" --password=\"somepwd\" somebdd > /var/backup/mysql/somebdd.sql"); // dump specified database with no auth @@ -90,7 +90,7 @@ public function shouldDumpAllDatabasesWithNoAuth() ), ), '/var/backup/'); - $this->assertEquals($mysql->getCommand(), 'mysqldump --all-databases > /var/backup/mysql/all-databases.sql'); + $this->assertEquals($mysql->getCommand(), 'mysqldump --all-databases > \'/var/backup/mysql/all-databases.sql\''); } /** @@ -110,7 +110,7 @@ public function shouldIgnoreSpecifiedTablesForSpecifiedDatabase() ), ), '/var/backup/'); - $this->assertEquals($mysql->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" dizbdd --ignore-table=dizbdd.table1 --ignore-table=dizbdd.table2 > /var/backup/mysql/dizbdd.sql"); + $this->assertEquals($mysql->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" dizbdd --ignore-table=dizbdd.table1 --ignore-table=dizbdd.table2 > '/var/backup/mysql/dizbdd.sql'"); } /** @@ -130,7 +130,7 @@ public function shouldIgnoreSpecifiedTablesForAllDatabase() ), ), '/var/backup/'); - $this->assertEquals($mysql->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" --all-databases --ignore-table=db1.table1 --ignore-table=db2.table2 > /var/backup/mysql/all-databases.sql"); + $this->assertEquals($mysql->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" --all-databases --ignore-table=db1.table1 --ignore-table=db2.table2 > '/var/backup/mysql/all-databases.sql'"); } /** From 6411f91d9fb3e12aacb073a8a1f60617f41107bd Mon Sep 17 00:00:00 2001 From: scasei Date: Sun, 24 Jan 2016 12:51:23 +0100 Subject: [PATCH 4/6] add / escape args for paths --- Tests/Processor/TarTest.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Tests/Processor/TarTest.php b/Tests/Processor/TarTest.php index 37f37c8..7f95256 100644 --- a/Tests/Processor/TarTest.php +++ b/Tests/Processor/TarTest.php @@ -3,6 +3,7 @@ namespace Dizda\CloudBackupBundle\Tests\Processor; use Dizda\CloudBackupBundle\Processor\TarProcessor; +use Symfony\Component\Process\ProcessUtils; /** * Class TarTest. @@ -15,8 +16,8 @@ class TarTest extends \PHPUnit_Framework_TestCase public function testGetCompressionCommand() { // build necessary data - $outputPath = '/var/backup/'; - $archivePath = $outputPath . 'coucou.zip'; + $outputPath = ProcessUtils::escapeArgument('/var/backup/'); + $archivePath = ProcessUtils::escapeArgument($outputPath . 'coucou.zip'); // compress with default params $processor = new TarProcessor(array()); From 4e0140230ec081d4d12f59e36c73defddb0201bd Mon Sep 17 00:00:00 2001 From: scasei Date: Sun, 24 Jan 2016 13:00:05 +0100 Subject: [PATCH 5/6] add / escape args for paths --- Tests/Database/MySQLTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Database/MySQLTest.php b/Tests/Database/MySQLTest.php index b278589..bdca425 100644 --- a/Tests/Database/MySQLTest.php +++ b/Tests/Database/MySQLTest.php @@ -56,7 +56,7 @@ public function shouldDumpSpecifiedDatabase() ), '/var/backup/'); $this->assertEquals($mysql1->getCommand(), "mysqldump --host=\"localhost\" --port=\"3306\" --user=\"root\" --password=\"test\" dizbdd > '/var/backup/mysql/dizbdd.sql'"); - $this->assertEquals($mysql2->getCommand(), "mysqldump --host=\"somehost\" --port=\"2222\" --user=\"mysql\" --password=\"somepwd\" somebdd > /var/backup/mysql/somebdd.sql"); + $this->assertEquals($mysql2->getCommand(), "mysqldump --host=\"somehost\" --port=\"2222\" --user=\"mysql\" --password=\"somepwd\" somebdd > '/var/backup/mysql/somebdd.sql'"); // dump specified database with no auth $mysql = new MySQLDummy(array( @@ -70,7 +70,7 @@ public function shouldDumpSpecifiedDatabase() ), ), '/var/backup/'); - $this->assertEquals($mysql->getCommand(), 'mysqldump somebdd > /var/backup/mysql/somebdd.sql'); + $this->assertEquals($mysql->getCommand(), 'mysqldump somebdd > \'/var/backup/mysql/somebdd.sql\''); } /** From 887c1a5d4ec10bac89bb4044508c3469480b597a Mon Sep 17 00:00:00 2001 From: scasei Date: Sun, 24 Jan 2016 13:02:04 +0100 Subject: [PATCH 6/6] add / escape args for paths --- Tests/Processor/TarTest.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Tests/Processor/TarTest.php b/Tests/Processor/TarTest.php index 7f95256..41182f3 100644 --- a/Tests/Processor/TarTest.php +++ b/Tests/Processor/TarTest.php @@ -16,35 +16,35 @@ class TarTest extends \PHPUnit_Framework_TestCase public function testGetCompressionCommand() { // build necessary data - $outputPath = ProcessUtils::escapeArgument('/var/backup/'); - $archivePath = ProcessUtils::escapeArgument($outputPath . 'coucou.zip'); + $outputPath = '/var/backup/'; + $archivePath = $outputPath . 'coucou.zip'; // compress with default params $processor = new TarProcessor(array()); $this->assertEquals( $processor->getCompressionCommand($archivePath, $outputPath), - "tar c -C $outputPath . | gzip > $archivePath" + "tar c -C ". ProcessUtils::escapeArgument($outputPath)." . | gzip > ". ProcessUtils::escapeArgument($archivePath) ); // compress with password - password not used in tar processor $processor = new TarProcessor(array('password' => 'qwerty')); $this->assertEquals( $processor->getCompressionCommand($archivePath, $outputPath), - "tar c -C $outputPath . | gzip > $archivePath" + "tar c -C ". ProcessUtils::escapeArgument($outputPath)." . | gzip > ". ProcessUtils::escapeArgument($archivePath) ); // compress with compression rate = 0 $processor = new TarProcessor(array('compression_ratio' => 0)); $this->assertEquals( $processor->getCompressionCommand($archivePath, $outputPath), - "tar c -C $outputPath . | gzip -0 > $archivePath" + "tar c -C ". ProcessUtils::escapeArgument($outputPath)." . | gzip -0 > ". ProcessUtils::escapeArgument($archivePath) ); // compress with compression rate = 9 $processor = new TarProcessor(array('compression_ratio' => 9)); $this->assertEquals( $processor->getCompressionCommand($archivePath, $outputPath), - "tar c -C $outputPath . | gzip -9 > $archivePath" + "tar c -C ". ProcessUtils::escapeArgument($outputPath)." . | gzip -9 > ". ProcessUtils::escapeArgument($archivePath) ); } }