Looking at the problem it seems that user input strings (ie: passwords) need to be encapsulated in double quotes in order to protect special characters like ampersands (&).
For instance, I'm looking in the ubiquity package source code: scripts/mythbuntu/mythbuntu-install.py and we see the password read in:
self.passwd=self.db.get('passwd/user-password')
Subsequently, self.passwd is then passed in several functions throughout the script. Can't this be protected if we change the readin of the password to include double quotes? For example:
Looking at the problem it seems that user input strings (ie: passwords) need to be encapsulated in double quotes in order to protect special characters like ampersands (&).
For instance, I'm looking in the ubiquity package source code: scripts/ mythbuntu/ mythbuntu- install. py and we see the password read in:
self.passwd= self.db. get('passwd/ user-password' )
Subsequently, self.passwd is then passed in several functions throughout the script. Can't this be protected if we change the readin of the password to include double quotes? For example:
self.passwd= '\"'+self. db.get( 'passwd/ user-password' )+'\"'
Is this the concept correct, and if so, how do I test the ubiquity package after making the changes?