[daisy] [JIRA] Commented: (DSY-640) backup tool error

[Karel Vervaeke (JIRA)]

    [ http://issues.cocoondev.org//browse/DSY-640?page=comments#action_13627 ] 

Karel Vervaeke commented on DSY-640:
------------------------------------

Thanks. It's an improvement, but I think the password should also be quoted etc, plus, just slapping quotes around the text does not handle cases where the input already contains quotes (a la SQL injection - I doubt malicious users will be a problem, but we should handle it anyway).

I will apply the patch but I'll keep this issue open until the input is properly escaped.

> backup tool error
> -----------------
>
>          Key: DSY-640
>          URL: http://issues.cocoondev.org//browse/DSY-640
>      Project: Daisy
>         Type: Bug
>   Components: Backup
>     Versions: 2.2
>  Environment: Windows XP Professional, Service Pack 2.
>     Reporter: Bob Ellison
>     Priority: Minor
>  Attachments: DSY-640.patch
>
> When I initially ran the backup tool via a script with all parameters enclosed in quotes, I got an error that the user repouser at localhost could not access the database "and". The paths for all of the parameters included either "Program Files" or "Document and Settings". I  then used a backup directory path that had no spaces and now got the error  Files\Daisy\daisyhome ""=="" was unexpected at this time. Finally I executed the script in the folder "Program Files\Daisy" with
> just  "-d RepoData " in the script rather than the full path. By this time all of the paths referred to files or directories which were in the folder "Daisy".and hence had no embedded spaces. The backup was now successful.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.cocoondev.org//secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira