linuxserver / docker-bookstack

A Docker container for the BookStack documentation wiki
GNU General Public License v3.0
Generation of .env file from environment variables fails to replace password properly #100

Closed Kangie closed 3 years ago

Kangie commented 3 years ago

Expected Behavior

Any password stored in the DB_PASS environment variable should be parsed by /etc/cont-init.d/50-config

Current Behavior

Passwords containing sed special characters break the current sed-based .env initialisation.

For example, the password !UX$vzT!2!w6r3sEb2XXFW&Y2byHc will be expanded to:

"s/DB_PASSWORD=database_user_password/DB_PASSWORD=!UX$vzT!2!w6r3sEb2XXFW&Y2byHc/g"

This is then evaluated by sed, which results in the following (undesirable) substitution and prevents bookstack from connecting to the database and initialising:

DB_PASSWORD=!UX!2!w6r3sEb2XXFWDB_PASSWORD=database_user_passwordY2byHc

The root cause of this issue is that the password is blindly dumped into the sed substitution without having special characters ($, &, \, etc) escaped.

It would seem likely that issues such as #95 and #87 are related to this, as special characters inside passwords are not uncommon.

This can be addressed by updating /etc/cont-init.d/50-config to properly escape any special characters in an intermediary environment variable.

Steps to Reproduce

  1. Take docker-compose from readme and set password to !UX$vzT!2!w6r3sEb2XXFW&Y2byHc
  2. Attempt to start the stack; it will fail as the bookstack container is unable to authenticate with the DB
  3. View /config/www/.env and verify that your DB user password was not substituted successfully.

Environment

OS: Linux (Gentoo)
CPU architecture: x86_64
How docker service was installed:

Installed via Portage (from Gentoo repo)

Command used to create docker container (run/create/compose/screenshot)

N/A

Docker logs

N/A
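
The escaping described in the report above, as an added example that is not part of the original issue or the project's 50-config script. The function names are hypothetical; the placeholder line and the password are the ones quoted in the report.

```shell
#!/bin/sh
# Added example (not the project's script). Function names are hypothetical.

# Escape the three characters that are special in the replacement half of
# sed's s/pattern/replacement/ when "/" is the delimiter: "\", "&" and "/".
# Backslash goes first so the backslashes added for "&" and "/" are not doubled.
escape_sed_replacement() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's#/#\\/#g'
}

# Unescaped form, as described in the issue: the value is pasted into the
# sed program, so "&" is replaced by the whole matched placeholder text.
render_env_line_naive() {   # $1 = template line, $2 = password
    printf '%s\n' "$1" |
        sed "s/DB_PASSWORD=database_user_password/DB_PASSWORD=$2/g"
}

# Escaped form: the value reaches the .env line byte for byte.
render_env_line() {         # $1 = template line, $2 = password
    escaped=$(escape_sed_replacement "$2")
    printf '%s\n' "$1" |
        sed "s/DB_PASSWORD=database_user_password/DB_PASSWORD=${escaped}/g"
}

# Constructed input: the placeholder line and the password quoted in the issue.
# Single quotes keep the shell from expanding "$vzT" before sed sees it.
template='DB_PASSWORD=database_user_password'
password='!UX$vzT!2!w6r3sEb2XXFW&Y2byHc'

printf 'naive:   %s\n' "$(render_env_line_naive "$template" "$password")"
printf 'escaped: %s\n' "$(render_env_line "$template" "$password")"
```

A password containing a newline is not handled by this escaping and would need separate treatment.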

github-actions[bot] commented 3 years ago

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

Majr25 commented 2 years ago

This issue has returned due to a regression in the 5a5da8d6 image