Skip to content

Commit

Permalink
properly escape quotes in passwords by calling to_ruby
Browse files Browse the repository at this point in the history
database passwords can contain special characters, especially " and '
so we can't just print the value of the field enclosed by double quotes
as that would break whenever the user uses a literal " in their password

using to_ruby here and not to_yaml, as the former gives us correct escaping
without the whole `---` and `\n` enclosing that to_yaml forces.
using to_yaml would require to pass *the whole* config hash to it
  • Loading branch information
evgeni committed Oct 16, 2024
1 parent b1a2286 commit 44b811a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion templates/database.yml.epp
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,6 @@
username: <%= $username %>
<% } -%>
<% if $password { -%>
password: "<%= $password %>"
password: <%= stdlib::to_ruby($password) %>
<% } -%>
pool: <%= $db_pool %>

0 comments on commit 44b811a

Please sign in to comment.