From: Dan Brown <redacted>
Date: Wed, 14 May 2025 11:12:02 +0000 (+0100)
Subject: Added escaping for MySQL config options
X-Git-Url: http://source.bookstackapp.com/system-cli/commitdiff_plain/refs/heads/22-mysql-cred-escaping?ds=inline

Added escaping for MySQL config options

Quotes string values and specifically escapes backslashes so they're not
misintepreted as special chars in the config.

For #22
---

diff --git a/src/Services/MySqlRunner.php b/src/Services/MySqlRunner.php
index d83f446..e1c4a0f 100644
--- a/src/Services/MySqlRunner.php
+++ b/src/Services/MySqlRunner.php
@@ -32,7 +32,8 @@ class MySqlRunner
     protected function createOptionsFile(): string
     {
         $path = tempnam(sys_get_temp_dir(), 'bs-cli-mysql-opts');
-        $contents = "[client]\nuser={$this->user}\nhost={$this->host}\nport={$this->port}\npassword={$this->password}\nprotocol=TCP";
+        $password = str_replace('\\', '\\\\', $this->password);
+        $contents = "[client]\nuser='{$this->user}'\nhost='{$this->host}'\nport={$this->port}\npassword='{$password}'\nprotocol=TCP";
         file_put_contents($path, $contents);
         chmod($path, 0600);
         return $path;