Bug 847010 - Is not possible use remote command script with escape dollar and backslash (\$)
Is not possible use remote command script with escape dollar and backslash (\$)
Product: Spacewalk
Classification: Community
Component: WebUI (Show other bugs)
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Jan Pazdziora
Red Hat Satellite QA List
Depends On:
Blocks: space18
  Show dependency treegraph
Reported: 2012-08-09 08:41 EDT by Jan Dlouhy
Modified: 2012-11-01 12:21 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-11-01 12:21:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Dlouhy 2012-08-09 08:41:51 EDT
Description of problem:
If are inserted char backslash and dollar (\$) in remote command script, finish spacewalk web with error 500 Error - Internal Server Error.

Version-Release number of selected component (if applicable):
Spacewalk 1.7

How reproducible:
Insert char backslash and dollar together (\$) or in quotation marks ("\$") in to remote command script. If are inserted in apostrophe ('\$') script works good. 

Steps to Reproduce:
1.Spacewalk system -> Details -> Remote Command:
Run as user*: root
Run as group*: root
Timeout (seconds): 600
echo "\$"
=> error 500 Error - Internal Server Error
Actual results:
Is not possible use script if you need escape dollar with backslash.

Expected results:
Fixed bug in Web GUI it will enable to use scripts with escape dollar.

Additional info:
Comment 1 Tomas Lestach 2012-09-07 07:37:07 EDT
I tried to reproduce the issue both on latest Spacewalk nightly and Spacewalk 1.7, but didn't get any ISE.

In both cases I was able to schedule the remote command and execute it by running rhn_check on the client.

On spw1.7 I use spacewalk-html-1.7.28-1.el5.

Do you still see the issue? Would you, please, try to describe the reproducer more precisely and attach the appropriate logs?
Comment 2 Jan Dlouhy 2012-09-10 09:58:31 EDT
unfortunately spacewalk no have error in log (/var/log/rhn/* and catalina.out), but i think where is problem. I used spacewalk with postgresql database and in database log is error:

ERROR:  invalid input syntax for type bytea
          INTO rhnActionScript
               (id, action_id, script, username, groupname, timeout)
        VALUES (sequence_nextval('rhn_actscript_id_seq'), $1, $2, $3, $4, $5)

I have version of spacewalk + postgresql:

I can help you with description error? Thank you very much for help with problem.
Comment 3 Tomas Lestach 2012-09-14 09:38:23 EDT
Reproduced on latest nightly ...

Error message:
  RHN::Exception: DBD::Pg::st execute failed: ERROR:  invalid input syntax for type bytea
  RHN::DB /usr/share/perl5/vendor_perl/RHN/DB.pm 121 RHN::Exception::DB::throw
  RHN::DB::st /usr/share/perl5/vendor_perl/RHN/DB.pm 452 RHN::DB::handle_error
  RHN::DB::Scheduler /usr/share/perl5/vendor_perl/RHN/DB/Scheduler.pm 1563 RHN::DB::st::execute_h
  Sniglets::Servers /usr/share/perl5/vendor_perl/Sniglets/Servers.pm 798 RHN::DB::Scheduler::schedule_remote_command
  PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 482 Sniglets::Servers::remote_command_cb
  PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 103 PXT::ApacheHandler::pxt_parse_data
  PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 103 (eval)
  main -e 0 PXT::ApacheHandler::handler
  main -e 0 (eval)
Comment 4 Jan Pazdziora 2012-10-12 08:46:33 EDT
Fixed in Spacewalk nightly, 4148c37113015260df7982d81f8e5dbb6b522c41.
Comment 5 Jan Pazdziora 2012-10-30 15:25:53 EDT
Moving ON_QA. Packages that address this bugzilla should now be available in yum repos at http://yum.spacewalkproject.org/nightly/
Comment 6 Jan Pazdziora 2012-11-01 12:21:44 EDT
Spacewalk 1.8 has been released: https://fedorahosted.org/spacewalk/wiki/ReleaseNotes18

Note You need to log in before you can comment on or make changes to this bug.