From: Marcin Haba <marcin.haba@bacula.pl>
Date: Thu, 25 Jul 2019 06:47:37 +0000 (+0200)
Subject: baculum: Allow dollar character in bconsole commands (used for paths)
X-Git-Tag: Release-9.6.0~181
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af7abea4b9edd49ae39fc22ce11b6e6df7bdfd07;p=thirdparty%2Fbacula.git

baculum: Allow dollar character in bconsole commands (used for paths)
---

diff --git a/gui/baculum/protected/API/Class/Bconsole.php b/gui/baculum/protected/API/Class/Bconsole.php
index eb2ffffed5..ad698d704b 100644
--- a/gui/baculum/protected/API/Class/Bconsole.php
+++ b/gui/baculum/protected/API/Class/Bconsole.php
@@ -230,6 +230,7 @@ class Bconsole extends APIModule {
 
 	private function getCommand($pattern, $sudo, $director, $bconsole_command) {
 		$command = array('cmd' => null, 'out_id' => null);
+		$misc = $this->getModule('misc');
 		if ($pattern === self::BCONSOLE_BG_COMMAND_PATTERN || $pattern === self::BCONSOLE_CONFIRM_YES_BG_COMMAND_PATTERN) {
 			$file = $this->prepareOutputFile();
 			$cmd = sprintf(
@@ -241,7 +242,7 @@ class Bconsole extends APIModule {
 				$director,
 				$file
 			);
-			$command['cmd'] = $cmd;
+			$command['cmd'] = $misc->escapeCharsToConsole($cmd);
 			$command['out_id'] = preg_replace('/^[\s\S]+\/output_/', '', $file);
 		} else {
 			$cmd = sprintf(
@@ -252,7 +253,7 @@ class Bconsole extends APIModule {
 				$director,
 				$bconsole_command
 			);
-			$command['cmd'] = $cmd;
+			$command['cmd'] = $misc->escapeCharsToConsole($cmd);
 			$command['out_id'] = '';
 		}
 		return $command;
@@ -278,6 +279,7 @@ class Bconsole extends APIModule {
 			self::getCmdPath(),
 			self::getCfgPath()
 		);
+		$cmd = $this->getModule('misc')->escapeCharsToConsole($cmd);
 		exec($cmd, $output, $exitcode);
 		if($exitcode != 0) {
 			$emsg = ' Output=>' . implode("\n", $output) . ', Exitcode=>' . $exitcode;
diff --git a/gui/baculum/protected/Common/Class/Miscellaneous.php b/gui/baculum/protected/Common/Class/Miscellaneous.php
index f2465681ba..fb4731786e 100644
--- a/gui/baculum/protected/Common/Class/Miscellaneous.php
+++ b/gui/baculum/protected/Common/Class/Miscellaneous.php
@@ -220,7 +220,7 @@ class Miscellaneous extends TModule {
 	}
 
 	public function isValidPath($path) {
-		return (preg_match('/^[\p{L}\p{N}\p{Z}\[\]\(\)\-\+\/\\\:\.#~_,{}!\']{0,10000}$/u', $path) === 1);
+		return (preg_match('/^[\p{L}\p{N}\p{Z}\[\]\-\'\/\\(){}:.#~_,+!$]{0,10000}$/u', $path) === 1);
 	}
 
 	public function isValidReplace($replace) {
@@ -247,6 +247,10 @@ class Miscellaneous extends TModule {
 		return (preg_match('/^[a-zA-Z0-9]+$/', $str) === 1);
 	}
 
+	public function escapeCharsToConsole($path) {
+		return preg_replace('/([$])/', '\\\${1}', $path);
+	}
+
 
 	/**
 	 * Writing INI-style configuration file.