From: ivan <ivan>
Date: Thu, 18 Mar 2004 22:35:32 +0000 (+0000)
Subject: quote already-crypted passwords to prevent variable substitution
X-Git-Tag: NET_WHOIS_RAW_0_31~53
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=880355353822e9d4a2fbd9100cad7c74179c1a59

quote already-crypted passwords to prevent variable substitution
---

diff --git a/FS/FS/part_export/shellcommands.pm b/FS/FS/part_export/shellcommands.pm
index 1eb0d8367..9fad36dad 100644
--- a/FS/FS/part_export/shellcommands.pm
+++ b/FS/FS/part_export/shellcommands.pm
@@ -63,7 +63,7 @@ sub _export_command {
   #eventually should check a "password-encoding" field
   if ( length($svc_acct->_password) == 13
        || $svc_acct->_password =~ /^\$(1|2a?)\$/ ) {
-    $crypt_password = $svc_acct->_password;
+    $crypt_password = shell_quote $svc_acct->_password;
   } else {
     $crypt_password = crypt(
       $svc_acct->_password,
@@ -98,7 +98,7 @@ sub _export_replace {
   #eventuall should check a "password-encoding" field
   if ( length($new->_password) == 13
        || $new->_password =~ /^\$(1|2a?)\$/ ) {
-    $new_crypt_password = $new->_password;
+    $new_crypt_password = shell_quote $new->_password;
   } else {
     $new_crypt_password =
       crypt( $new->_password, $saltset[int(rand(64))].$saltset[int(rand(64))]