FIX: escape sso_secret string when migrating to sso_provider_secret (#6634)

From 592f8c163727e43c2c4fc1da6a844314ce33ed0c Mon Sep 17 00:00:00 2001
From: Maja Komel <maja.komel@gmail.com>
Date: Tue, 20 Nov 2018 15:28:37 +0100
Subject: [PATCH] FIX: escape sso_secret string when migrating to
 sso_provider_secret (#6634)


diff --git a/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb b/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb
index 4e95023..b1c7b42 100644
--- a/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb
+++ b/db/migrate/20181005084357_add_sso_provider_secrets_to_site_settings.rb
@@ -2,8 +2,10 @@ class AddSsoProviderSecretsToSiteSettings < ActiveRecord::Migration[5.2]
   def up
     return unless SiteSetting.enable_sso_provider && SiteSetting.sso_secret.present?
     sso_secret = SiteSetting.sso_secret
+    sso_secret_insert = ActiveRecord::Base.connection.quote("*|#{sso_secret}")
+
     execute "INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
-             VALUES ('sso_provider_secrets', 8, '*|#{sso_secret}', now(), now())"
+             VALUES ('sso_provider_secrets', 8, #{sso_secret_insert}, now(), now())"
   end
 
   def down
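
Review bot: the new `sso_secret_insert` line has no comment saying why the value goes through `connection.quote` or what the `*|` prefix stands for, so a later cleanup could easily go back to `'*|#{sso_secret}'`. A one-line comment above it, noting that the setting value may contain a single quote, would prevent that. The name could also be something like `quoted_value`, since the string returned by `quote` already includes its surrounding quotes and is interpolated without any in the `VALUES` list. Because the change edits the existing `20181005084357` migration rather than adding a new one, it only takes effect where this migration has not yet completed; the commit message could say so.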

This commit has been mentioned on Discourse Meta. There might be relevant details there: