Ticket #3892: mythtv-mythfilldatabase-single_quote_in_password.patch
File mythtv-mythfilldatabase-single_quote_in_password.patch, 1.0 KB (added by , 17 years ago) |
---|
-
libs/libmythtv/datadirect.cpp
985 985 poststream << "</SOAP-ENV:Envelope>\n"; 986 986 postfile.close(); 987 987 988 // Allow for single quotes in userid and password (shell escape) 989 password.replace('\'', "'\\''"); 990 userid.replace('\'', "'\\''"); 988 991 QString command = QString( 989 992 "wget --http-user='%1' --http-passwd='%2' --post-file='%3' " 990 993 "--header='Accept-Encoding:gzip' %4 --output-document=- ") … … 1035 1038 1036 1039 QString command = QString("wget --http-user='%1' --http-passwd='%2' " 1037 1040 "--post-file='%3' %4 --output-document='%5'") 1038 .arg(GetUserID()).arg(GetPassword()).arg(GetPostFilename()) 1041 .arg(GetUserID().replace('\'', "'\\''")) 1042 .arg(GetPassword().replace('\'', "'\\''")).arg(GetPostFilename()) 1039 1043 .arg(ddurl).arg(GetResultFilename()); 1040 1044 1041 1045 if (SHOW_WGET_OUTPUT)