From 70a4ef022278898ed8957e12a3450ea064c6d2bc Mon Sep 17 00:00:00 2001
From: Victor Saisa Lopez <victor@processmaker.com>
Date: Wed, 28 Sep 2016 14:58:48 -0400
Subject: [PATCH] HOR-1957 "Error al ejecutar el comando  workspace-backup"
 SOLVED

Issue:
    Error al ejecutar el comando  workspace-backup
Cause:
    Incorrecto manejo de caracteres especiales al ejecutar un shell command
Solution:
    Se escapan los caracteres especiales al ejecutar un shell command
---
 gulliver/system/class.dbMaintenance.php   | 4 ++--
 workflow/engine/classes/class.wsTools.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/gulliver/system/class.dbMaintenance.php b/gulliver/system/class.dbMaintenance.php
index 221476d6e..496fd6e1c 100644
--- a/gulliver/system/class.dbMaintenance.php
+++ b/gulliver/system/class.dbMaintenance.php
@@ -405,7 +405,7 @@ class DataBaseMaintenance
             $dbPort = $aHost[1];
             $command = 'mysqldump'
                 . ' --user=' . $this->user
-                . ' --password=' . str_replace('"', '\"', str_replace("'", "\'", quotemeta($this->passwd)))
+                . ' --password=' . escapeshellarg($this->passwd)
                 . ' --host=' . $dbHost
                 . ' --port=' . $dbPort
                 . ' --opt'
@@ -418,7 +418,7 @@ class DataBaseMaintenance
                 . ' --user=' . $this->user
                 . ' --opt'
                 . ' --skip-comments'
-                . ' --password=' . str_replace('"', '\"', str_replace("'", "\'", quotemeta($this->passwd)))
+                . ' --password=' . escapeshellarg($this->passwd)
                 . ' ' . $this->dbName
                 . ' > ' . $outfile;
         }
diff --git a/workflow/engine/classes/class.wsTools.php b/workflow/engine/classes/class.wsTools.php
index 2fc1e5889..2acdcb0f1 100644
--- a/workflow/engine/classes/class.wsTools.php
+++ b/workflow/engine/classes/class.wsTools.php
@@ -1402,7 +1402,7 @@ class workspaceTools
                     . ' --host=' . $dbHost
                     . ' --port=' . $dbPort
                     . ' --user=' . $parameters['dbUser']
-                    . ' --password=' . str_replace('"', '\"', str_replace("'", "\'", quotemeta($parameters['dbPass'])))//no change! supports the type passwords: .\+*?[^]($)'"\"'
+                    . ' --password=' . escapeshellarg($parameters['dbPass'])
                     . ' --database=' . mysql_real_escape_string($database)
                     . ' --default_character_set utf8'
                     . ' --execute="SOURCE ' . $filename . '"';
@@ -1410,7 +1410,7 @@ class workspaceTools
                 $command = 'mysql'
                     . ' --host=' . $dbHost
                     . ' --user=' . $parameters['dbUser']
-                    . ' --password=' . str_replace('"', '\"', str_replace("'", "\'", quotemeta($parameters['dbPass'])))//no change! supports the type passwords: .\+*?[^]($)'"\"'
+                    . ' --password=' . escapeshellarg($parameters['dbPass'])
                     . ' --database=' . mysql_real_escape_string($database)
                     . ' --default_character_set utf8'
                     . ' --execute="SOURCE ' . $filename . '"';