From fbc06c160427eea68a00f07061ae4da1acd7e4f1 Mon Sep 17 00:00:00 2001
From: Sylvain Dusart
Date: Sat, 3 Oct 2015 21:09:39 +0200
Subject: [PATCH] Protect usernames and database names in "CREATE ROLE", "CREATE DATABASE" and "GRANT ALL" requests
This enables to use "-" in for usernames or database names (eg myApp-client1).
---
 entrypoint.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index ab65d7b..9761cd7 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -188,7 +188,7 @@ if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
 DB_USER=
 else
 echo "Creating user \"${REPLICATION_USER}\"..."
- echo "CREATE ROLE ${REPLICATION_USER} WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
+ echo "CREATE ROLE \"${REPLICATION_USER}\" WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${REPLICATION_PASS}';" |
 sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
 -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
 fi
@@ -203,7 +203,7 @@ if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
 DB_USER=
 else
 echo "Creating user \"${DB_USER}\"..."
- echo "CREATE ROLE ${DB_USER} with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
+ echo "CREATE ROLE \"${DB_USER}\" with LOGIN CREATEDB PASSWORD '${DB_PASS}';" |
 sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
 -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
 fi
@@ -212,7 +212,7 @@ if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
 if [[ -n ${DB_NAME} ]]; then
 for db in $(awk -F',' '{for (i = 1 ; i <= NF ; i++) print $i}' <<< "${DB_NAME}"); do
 echo "Creating database \"${db}\"..."
- echo "CREATE DATABASE ${db};" | \
+ echo "CREATE DATABASE \"${db}\";" | \
 sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
 -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
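Review bot: The new `\"${REPLICATION_USER}\"` quoting in the first hunk does not escape a double quote inside the value, and the `'${REPLICATION_PASS}'` literal beside it is still interpolated raw, so a `"` in the name or a `'` in the password ends the quoted token early and the rest is parsed as SQL by `postgres --single`. The same applies to `DB_USER`/`DB_PASS` in the second hunk and to `${db}` and `${DB_USER}` in the `CREATE DATABASE` and `GRANT` hunks. Doubling the quote characters before building the statement closes this: `role=${REPLICATION_USER//\"/\"\"}` and `pass=${REPLICATION_PASS//\'/\'\'}`, then `echo "CREATE ROLE \"${role}\" WITH REPLICATION LOGIN ENCRYPTED PASSWORD '${pass}';"`. The enclosing `if`/`else` begins above the hunk, so any earlier validation of these variables is not visible here.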
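Review bot: In the `CREATE DATABASE` hunk the quoted `\"${db}\"` still takes its values from the unquoted `for db in $(awk ...)` expansion on the context line above it, so a name containing whitespace is split into several databases and one containing `*` or `?` undergoes pathname expansion before it reaches the statement. If the intent is to accept any name a quoted identifier allows, split on commas without word splitting: `IFS=',' read -ra dbs <<< "${DB_NAME}"` followed by `for db in "${dbs[@]}"; do`. The loop's closing `done` lies outside the hunk.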
@@ -225,7 +225,7 @@ if [[ ${PSQL_MODE} == standalone || ${PSQL_MODE} == master ]]; then
 if [[ -n ${DB_USER} ]]; then
 echo "Granting access to database \"${db}\" for user \"${DB_USER}\"..."
- echo "GRANT ALL PRIVILEGES ON DATABASE ${db} to ${DB_USER};" |
+ echo "GRANT ALL PRIVILEGES ON DATABASE \"${db}\" to \"${DB_USER}\";" |
 sudo -Hu ${PG_USER} ${PG_BINDIR}/postgres --single \
 -D ${PG_DATADIR} -c config_file=${PG_CONFDIR}/postgresql.conf >/dev/null
 fi
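Review bot: Quoting the identifiers in this `GRANT` (and in the `CREATE ROLE` / `CREATE DATABASE` statements of the earlier hunks) also turns off PostgreSQL's lower-case folding, which the commit message does not mention. With `DB_USER=MyApp` the old statement created role `myapp`, while the new one refers to `MyApp`, so if this block can run against a data directory initialised by the previous version the `GRANT` would name a role or database that does not exist. A comment above the statement such as `# identifiers are quoted: names are case-sensitive and must match existing roles/databases exactly`, plus a README note, would document the change. Whether the block reruns on an existing cluster is not visible in this hunk.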