ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-25 06:10:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Re-allow templating of complex_args, but count params to prevent injection

Browse source 
Fixes #8810
This commit is contained in:
James Cammarata 2014-09-04 16:00:02 -05:00
commit 8cc3543918
4 changed files with 45 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/ansible/playbook/play.py
View file

@ -757,11 +757,6 @@ class Play(object):
# *************************************************
def _has_vars_in(self, msg):
return "$" in msg or "{{" in msg
# *************************************************
def _update_vars_files_for_host(self, host, vault_password=None):
def generate_filenames(host, inject, filename):
@ -782,7 +777,7 @@ class Play(object):
# filename4 is the dwim'd path, but may also be mixed-scope, so we use
# both play scoped vars and host scoped vars to template the filepath
if self._has_vars_in(filename3) and host is not None:
if utils.contains_vars(filename3) and host is not None:
inject.update(self.vars)
filename4 = template(self.basedir, filename3, inject)
filename4 = utils.path_dwim(self.basedir, filename4)
@ -810,8 +805,8 @@ class Play(object):
raise errors.AnsibleError("%s must be stored as a dictionary/hash" % filename4)
if host is not None:
target_filename = None
if self._has_vars_in(filename2):
if not self._has_vars_in(filename3):
if utils.contains_vars(filename2):
if not utils.contains_vars(filename3):
target_filename = filename3
else:
target_filename = filename4
@ -860,7 +855,7 @@ class Play(object):
else:
# just one filename supplied, load it!
filename2, filename3, filename4 = generate_filenames(host, inject, filename)
if self._has_vars_in(filename4):
if utils.contains_vars(filename4):
continue
if process_files(filename, filename2, filename3, filename4, host=host):
processed.append(filename)