From dacef1915ac1ec88400ac69b6c37156a81ac5602 Mon Sep 17 00:00:00 2001
From: Jim Kleckner <jim@cloudphysics.com>
Date: Thu, 2 Jan 2014 12:04:03 -0800
Subject: [PATCH] Add quotes to password argument for dump/import

The password is passed on a command line for dump and import and needs
quoting.

Ideally, this would not be passed on a command line at all - any ideas?
Or at least have a stronger form of quoting so that embedded single
quotes will be escaped.
---
 library/database/mysql_db | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/database/mysql_db b/library/database/mysql_db
index b6fbe5f83f9..cf987011152 100644
--- a/library/database/mysql_db
+++ b/library/database/mysql_db
@@ -118,7 +118,7 @@ def db_delete(cursor, db):
 
 def db_dump(module, host, user, password, db_name, target, port, socket=None):
     cmd = module.get_bin_path('mysqldump', True)
-    cmd += " --quick --user=%s --password=%s" %(user, password)
+    cmd += " --quick --user=%s --password='%s'" %(user, password)
     if socket is not None:
         cmd += " --socket=%s" % socket
     else:
@@ -135,7 +135,7 @@ def db_dump(module, host, user, password, db_name, target, port, socket=None):
 
 def db_import(module, host, user, password, db_name, target, port, socket=None):
     cmd = module.get_bin_path('mysql', True)
-    cmd += " --user=%s --password=%s" %(user, password)
+    cmd += " --user=%s --password='%s'" %(user, password)
     if socket is not None:
         cmd += " --socket=%s" % socket
     else: