Module: check_mk
Branch: master
Commit: 0778cedd9602773bb7c050c6ffbe222998aaf52b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0778cedd960277…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Apr 18 09:42:34 2012 +0200
FIX: Escaping single quotes in strings when writing auth.php
---
ChangeLog | 1 +
web/plugins/wato/auth.py | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 84d4b0a..53c3a35 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,7 @@
* FIX: Using pickle instead of repr/eval when reading data structures from
urls to prevent too big security issues
* Rule editor: improve sorting of groups and rulesets
+ * FIX: Escaping single quotes in strings when writing auth.php
Multisite
* Added config option default_ts_format to configure default timestamp
diff --git a/web/plugins/wato/auth.py b/web/plugins/wato/auth.py
index 0290501..19e1a02 100644
--- a/web/plugins/wato/auth.py
+++ b/web/plugins/wato/auth.py
@@ -72,9 +72,9 @@ def parse_php(data, lvl = 1):
s += ' ' * lvl + parse_php(key, lvl + 1) + ' => ' +
parse_php(val, lvl + 1) + ',\n'
s += ' ' * (lvl - 1) + ')'
elif isinstance(data, str):
- s += '\'%s\'' % data
+ s += '\'%s\'' % data.replace('\'',
'\\\'')
elif isinstance(data, unicode):
- s += '\'%s\'' % data.encode('utf-8')
+ s += '\'%s\'' %
data.encode('utf-8').replace('\'', '\\\'')
elif isinstance(data, bool):
s += data and 'true' or 'false'
elif data is None: