clone 710331 -1 reassign -1 dbconfig-common retitle -1 special characters should be escaped when used in templates block 710331 by -1 retitle 710331 cacti: no special character handling in configuration thanks
Cacti uses dbconfig-common to configure the cacti database connection. However, as far as I can tell dbconfig-common doesn't do anything to ensure proper handling of special characters in strings. If I have a password for my database containing special characters, I get them all as they were, making the procedure impossible to use with templates. E.g. the following line ends up exactly like it is: x" '\ making either " or ' as string delimiters (or no delimiters) in php or sh not doing the right thing. Of course the proper escaping depends on the language of the template, e.g. for sh the above line could be escaped as: 'x" '\''\' or with a lot more care to take all variations into account: "x\" '\\" for php, it needs to be something like 'x" \'\\' or "x\" '\\" and probably for other languages even something different. Of course, the template in cacti should not contain the quotes anymore when dbconfig-common escapes the strings properly. So I clone the bug accordingly.
signature.asc
Description: OpenPGP digital signature