Comment 4 for bug 363153

barney_1 (szczys) wrote :

Looking at the problem it seems that user input strings (ie: passwords) need to be encapsulated in double quotes in order to protect special characters like ampersands (&).

For instance, I'm looking in the ubiquity package source code: scripts/mythbuntu/mythbuntu-install.py and we see the password read in:

self.passwd=self.db.get('passwd/user-password')

Subsequently, self.passwd is then passed in several functions throughout the script. Can't this be protected if we change the readin of the password to include double quotes? For example:

self.passwd='\"'+self.db.get('passwd/user-password')+'\"'

Is this the concept correct, and if so, how do I test the ubiquity package after making the changes?