From 087e11016524a613ee28b9b97a260971f939994f Mon Sep 17 00:00:00 2001
From: Matt Palmer <mpalmer@hezmatt.org>
Date: Wed, 20 Dec 2017 16:54:44 +1100
Subject: [PATCH] FIX: Quote all strings in discourse.conf

Fixes the problem of DB passwords with hashes in them (including passwords
that start with a hash, as reported in https://meta.discourse.org/t/76409).

The problem of passwords with single quotes in them still exists, and will
require modifications to Discourse's GlobalSetting::FileProvider parser,
because the current format doesn't support escaping quote characters.  That
work will have to be deferred to a later time.
---
 templates/web.template.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/web.template.yml b/templates/web.template.yml
index fffea34..316d835 100644
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -61,7 +61,7 @@ run:
         conf=/var/www/discourse/config/discourse.conf
 
         # find DISCOURSE_ env vars, strip the leader, lowercase the key
-        /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
+        /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf
 
   - file:
      path: /etc/runit/1.d/enable-brotli
-- 
2.25.1