Module breaks with certain "root_password"s due to not being shell-escaped

[TwizzyDizzy]

Hi folks,

it seems as though the module breaks, when the password is used with a $root_password that contains shell-relevant characters.

Consider this password: hu7eithei4kaeeke@C;om

puppet-galera/manifests/init.pp

Lines 551 to 560 in b319c97

	exec { 'create .my.cnf for user root':
	path => '/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin',
	command => "echo \"${my_cnf}\" > ${facts['root_home']}/.my.cnf",
	onlyif => [
	"mysql --user=root --password=${root_password} -e 'select count(1);'",
	"test `cat ${facts['root_home']}/.my.cnf | grep -c \"password='${root_password}'\"` -eq 0",
	],
	require => Service[$params['mysql_service_name']],
	before => $_root_my_cnf_before,
	}

Line 555 leads to:

Error: /Stage[main]/Galera/Exec[create .my.cnf for user root]: Could not evaluate: sh: om: command not found

Obviously this cuts off after the ; and tries to execute the rest of the string in the shell context.

It's probably wise to use stdlib shell_escape.

Shall I prepare a merge request for that?

Cheers
Thomas

[fraenki]

It's probably wise to use stdlib shell_escape.

Hm, this may not be possible according to the documentation:

Note:* that the resulting string should be used unquoted and is not intended for use in double quotes nor in single quotes.

Any thoughts?