Diffstat (limited to 'lib/backup/database.rb')
-rw-r--r-- | lib/backup/database.rb | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/backup/database.rb b/lib/backup/database.rb
index c4fb2e2e159..6ada5bb4ea2 100644
--- a/lib/backup/database.rb
+++ b/lib/backup/database.rb
@@ -1,4 +1,5 @@
 require 'yaml'
+require 'shellwords'

 module Backup
 class Database
@@ -13,20 +14,20 @@ module Backup
 def dump
 case config["adapter"]
 when /^mysql/ then
- system("mysqldump #{mysql_args} #{config['database']} > #{db_file_name}")
+ system("mysqldump #{mysql_args} #{Shellwords.shellescape(config['database'])} > #{Shellwords.shellescape(db_file_name)}")
 when "postgresql" then
 pg_env
- system("pg_dump #{config['database']} > #{db_file_name}")
+ system("pg_dump #{Shellwords.shellescape(config['database'])} > #{db_file_name}")
 end
 end

 def restore
 case config["adapter"]
 when /^mysql/ then
- system("mysql #{mysql_args} #{config['database']} < #{db_file_name}")
+ system("mysql #{mysql_args} #{Shellwords.shellescape(config['database'])} < #{db_file_name}")
 when "postgresql" then
 pg_env
- system("psql #{config['database']} -f #{db_file_name}")
+ system("psql #{Shellwords.shellescape(config['database'])} -f #{Shellwords.shellescape(db_file_name)}")
 end
 end

@@ -45,7 +46,7 @@ module Backup
 'encoding' => '--default-character-set',
 'password' => '--password'
 }
- args.map { |opt, arg| "#{arg}='#{config[opt]}'" if config[opt] }.compact.join(' ')
+ args.map { |opt, arg| "#{arg}=#{Shellwords.shellescape(config[opt])}" if config[opt] }.compact.join(' ')
 end

 def pg_env
|
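Review bot: `db_file_name` is still interpolated unescaped in two of the four commands, the `pg_dump` line in `dump` and the `mysql` line in `restore`, while the `mysqldump` and `psql` lines escape it. Its definition is outside the hunk, so whether the path can contain spaces or shell metacharacters cannot be confirmed from here, but the four calls should agree. The two lines would become `system("pg_dump #{Shellwords.shellescape(config['database'])} > #{Shellwords.shellescape(db_file_name)}")` and `system("mysql #{mysql_args} #{Shellwords.shellescape(config['database'])} < #{Shellwords.shellescape(db_file_name)}")`.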
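Review bot: The `'password' => '--password'` mapping still places the database password on the `mysqldump`/`mysql` command line, where other local users can read it from the process list while the command runs; the new escaping fixes quoting but not that exposure. Consider dropping `'password'` from this hash and passing it through an option file readable only by the backup user (`--defaults-extra-file=...`), or at least through the environment with `ENV['MYSQL_PWD'] = config['password'] if config['password']`, similar to what `pg_env` presumably does for PostgreSQL. The `args` hash and the enclosing method start outside the hunk, so the remaining options are not visible here.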