Closed
Description
What happened?
Description
When generating a database backup from the ui and the CRAFT_DB_PASSWORD is set to a string containing "!" (exlamation mark) or "`" (backtick), then the backup (in the admin ui) fails. In the logs we can find the reason:
2025-04-23 12:34:00 [web.ERROR] [yii\base\Exception] Could not create backup: The shell command "PGPASSWORD="password-containing-backtick-or-!-somewhere" pg_dump '--dbname'='db-name' '--host'='host' '--port'='5432' '--username'='user' '--if-exists' '--clean' '--no-owner' '--no-privileges' '--no-acl' '--file'='filepath' '--schema'='public' '--exclude-table-data' 'public.assetindexdata' '--exclude-table-data' 'public.cache' '--exclude-table-data' 'public.imagetransformindex' '--exclude-table-data' 'public.resourcepaths' '--exclude-table-data' 'public.phpsessions' '--exclude-table-data' 'public.sessions'" failed with exit code 2: sh: 1: Syntax error: EOF in backquote substitution {"trace":["#0 [internal function]: craft\\controllers\\UtilitiesController->actionDbBackupPerformAction()","#1 /home/site/wwwroot/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)","#2 /home/site/wwwroot/vendor/yiisoft/yii2/base/Controller.php(178): yii\\base\\InlineAction->runWithParams(Array)","#3 /home/site/wwwroot/vendor/yiisoft/yii2/base/Module.php(552): yii\\base\\Controller->runAction('db-backup-perfo...', Array)","#4 /home/site/wwwroot/vendor/craftcms/cms/src/web/Application.php(361): yii\\base\\Module->runAction('utilities/db-ba...', Array)","#5 /home/site/wwwroot/vendor/craftcms/cms/src/web/Application.php(660): craft\\web\\Application->runAction('utilities/db-ba...', Array)","#6 /home/site/wwwroot/vendor/craftcms/cms/src/web/Application.php(323): craft\\web\\Application->_processActionRequest(Object(craft\\web\\Request))","#7 /home/site/wwwroot/vendor/yiisoft/yii2/base/Application.php(384): craft\\web\\Application->handleRequest(Object(craft\\web\\Request))","#8 /home/site/wwwroot/web/index.php(12): yii\\base\\Application->run()","#9 {main}"],"memory":2918072,"exception":"[object] (yii\\base\\Exception(code: 0): Could not create backup: The shell command \"PGPASSWORD=\"password-containing-backtick-or-!-somewhere\" pg_dump '--dbname'='db-name' '--host'='host' '--port'='5432' '--username'='user' '--if-exists' '--clean' '--no-owner' '--no-privileges' '--no-acl' '--file'='filename' '--schema'='public' '--exclude-table-data' 'public.assetindexdata' '--exclude-table-data' 'public.cache' '--exclude-table-data' 'public.imagetransformindex' '--exclude-table-data' 'public.resourcepaths' '--exclude-table-data' 'public.phpsessions' '--exclude-table-data' 'public.sessions'\" failed with exit code 2: sh: 1: Syntax error: EOF in backquote substitution at /home/site/wwwroot/vendor/craftcms/cms/src/controllers/UtilitiesController.php:256)"}
The backtick triggers this error. When i remove it then i face another problem: the exclamation mark: In bash this is interpreted as event. If i enter "!Test" as password, then i get the error -bash: !Test: event not found
Steps to reproduce
- Setup craft with a postgres-db
- Choose a password with backtick or exclamation mark
- Do a database-backup via admin-ui
Expected behavior
The special characters should be escaped properly when the command is concatinated.
Actual behavior
The special characters are not properly escaped.
Craft CMS version
5.7.2
PHP version
8.2
Operating system and version
Debian GNU/Linux 11 (bullseye)
Database type and version
Postgres 15.12
Image driver and version
No response
Installed plugins and versions
- craftcms/ckeditor: 4.7.0
- verbb/field-manager: 4.0.3
- verbb/zen 2.0.4