From baeccdc5477a175fbcf29cd36bd516ef5b2521d8 Mon Sep 17 00:00:00 2001 From: Galen Wright-Watson Date: Sat, 26 Jan 2019 23:07:43 -0800 Subject: [PATCH 1/3] Fix: #22577-"bad flag in substitute command" if password has a '/' character. Cause: unescaped special characters (forward slash) in variable get interpreted as part of sed script. Soln: escape forward slashes when interpolating into sed script. --- tests/bin/install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/bin/install.sh b/tests/bin/install.sh index 88667caacf0..941400efbcf 100755 --- a/tests/bin/install.sh +++ b/tests/bin/install.sh @@ -91,7 +91,9 @@ install_test_suite() { sed $ioption "s:dirname( __FILE__ ) . '/src/':'$WP_CORE_DIR/':" "$WP_TESTS_DIR"/wp-tests-config.php sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php - sed $ioption "s/yourpasswordhere/$DB_PASS/" "$WP_TESTS_DIR"/wp-tests-config.php + # escape the regex delim if not already escaped (i.e. if preceded by an even number of backslashes) + E_DB_PASS=$(echo $DB_PASS | sed -E -e 's%((^|[^\\])(\\\\)*)/%\1\\/%') + sed $ioption "s/yourpasswordhere/${E_DB_PASS}/" "$WP_TESTS_DIR"/wp-tests-config.php sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php fi From 8627fc39b97beb361345098db882d220a0cc0802 Mon Sep 17 00:00:00 2001 From: Galen Wright-Watson Date: Mon, 28 Jan 2019 18:51:11 -0800 Subject: [PATCH 2/3] Update: install script-escape forward & backward slashes and ampersand in supplied password. --- tests/bin/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/bin/install.sh b/tests/bin/install.sh index 941400efbcf..77d081b9505 100755 --- a/tests/bin/install.sh +++ b/tests/bin/install.sh @@ -92,7 +92,7 @@ install_test_suite() { sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php # escape the regex delim if not already escaped (i.e. if preceded by an even number of backslashes) - E_DB_PASS=$(echo $DB_PASS | sed -E -e 's%((^|[^\\])(\\\\)*)/%\1\\/%') + E_DB_PASS=$(echo $DB_PASS | sed -E -e 's%([/&\\])%\\\1%g') sed $ioption "s/yourpasswordhere/${E_DB_PASS}/" "$WP_TESTS_DIR"/wp-tests-config.php sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php fi From 00610db7fe660b98a4f2763df7dfe0399afdbb95 Mon Sep 17 00:00:00 2001 From: Galen Wright-Watson Date: Fri, 1 Feb 2019 14:45:29 -0800 Subject: [PATCH 3/3] Update: docmented install script's handling of metacharacters in passwords. --- tests/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/README.md b/tests/README.md index feddd0d7560..835ecf37f82 100644 --- a/tests/README.md +++ b/tests/README.md @@ -14,10 +14,17 @@ $ tests/bin/install.sh [db-host] ``` -Sample usage: +The `` will be set as given. Previously, you would have needed to escape certain characters (forward & backward slashes, and ampersand), but install.sh now escapes them when it needs to internally. You may still need to quote strings with backslashes to prevent them from being processed by the shell or other programs. + +Sample usages: $ tests/bin/install.sh woocommerce_tests root root + # The actual password only has a single backslash, but it's escaped + # to prevent the shell and PHP from treating it as a backspace character + $ tests/bin/install.sh woocommerce_tests root 'a\\b/&' + # Previously, the password would have had to be passed as 'a\\\\b\/\&' + **Important**: The `` database will be created if it doesn't exist and all data will be removed during testing. ## Running Tests