String escape problem
p10tyr opened this issue Β· comments
β οΈ Please verify that this bug has NOT been reported before.
- I checked and didn't find similar issue
π‘οΈ Security Policy
- I agree to have read this project Security Policy
Description
I have migrated from one server to another, the old one was portainer and I thought I may as well use dockge because it doesn't hijack all my data
on the old server, I had a WordPress site with a db password that has a $ in the env on portainer
When I created the stack I noticed the $ seems to have highlighted differently so I enclosed it in double quotes
- save the file and on disk it is quoted
- docker environment throws error something $thing not recognised so will use blank string
- check stack file. still quoted
- reload dockge page quotes are gone
I don't know where the bug is because the stack looks ok.. there definitely is a problem with the GUI stripping out the quotes
the fix for me was to remove the $ from the password. this is not ideal as it is a security issue
π Reproduction steps
version: "3.8"
services:
wordpress:
image: wordpress
restart: always
ports:
- 80:80
environment:
WORDPRESS_DB_HOST: mysql-db-1:3306
WORDPRESS_DB_PASSWORD: "simple$password"
π Expected behavior
version: "3.8"
services:
wordpress:
image: wordpress
restart: always
ports:
- 80:80
environment:
WORDPRESS_DB_HOST: mysql-db-1:3306
WORDPRESS_DB_PASSWORD: "simple$password"
π Actual Behavior
version: "3.8"
services:
wordpress:
image: wordpress
restart: always
ports:
- 80:80
environment:
WORDPRESS_DB_HOST: mysql-db-1:3306
WORDPRESS_DB_PASSWORD: simple$password << $password treated as variable??
Dockge Version
latest
π» Operating System and Arch
debian
π Browser
edge
π Docker Version
latest
π© NodeJS Version
No response
π Relevant log output
No response
I tried Dockge and ran straight into this problem. All quotes seem to get removed when it (re-)loads the docker-compose file into its editor. Sadly, this makes it completely unusable for any of our normal stacks. I wonder if we do something wrong, because I doubt that something basic like this is not implemented correctly?
Edit: I solved my problem by creating the strings using the .env
file and use them as variables. This was kind of appropriate because they were "secret" anyway.
I want to add that I think one can also escape them by using $$
instead of the single $