Backup App: brackets in DB password don’t get escaped

  • I have recently had weird problems with the Backup App (current version in Perch 3.1.7) not running as expected.

    Initializing a backup in Admin always led to the following error in an otherwise blank page in the browser:

    Code
    1. File 'backup/backup.sql' does not exist [code -4]


    The server admin came across the following error in the Apache error logs:

    Code
    1. sh: 1: Syntax error: ")“ unexpected

    As that didn’t give a lot of background info, the server admin started digging deeper and at some point came to the revelation, that it might be related to a closing bracket in the DB password.
    Changing the password solved our problem.


    Nonetheless, this problem should not occur in the first place.

    We suspect it originates from line 69 in PerchBackup.class.php:

    Code
    1. exec($mysqldump_path.' --opt --host='.PERCH_DB_SERVER.' --user='.PERCH_DB_USERNAME.' --password= '.PERCH_DB_PASSWORD.' '.PERCH_DB_DATABASE.' > backup/backup.sql’);

    Here, the characters in PERCH_DB_PASSWORD, that might cause harm, should be escaped.

    Please consider updating the Backup App asap.

    Thank you.