Environment variables need to be escaped

[jeaye]

Variables like POSTGRES_PASSWORD may contain ' or $, which will cause bash to intercept them and open the door to errors. This is an injection problem, yes, but it's also just a convenience problem. Lots of secure (randomly generated) passphrases use quotes and dollar signs.

database_1   | 2018-08-23 20:20:50.925 UTC [66] ERROR:  unrecognized role option "fun" at character 52
database_1   | 2018-08-23 20:20:50.925 UTC [66] STATEMENT:  CREATE USER "zulip" WITH SUPERUSER PASSWORD 'zulip'fun' ;
database_1   | ERROR:  unrecognized role option "fun"
database_1   | LINE 1: CREATE USER "zulip" WITH SUPERUSER PASSWORD 'zulip'fun' ;
database_1   |                                                            ^

This issue originally comes from zulip/docker-zulip#143 (comment)

[wglambert]

Similar MariaDB/mariadb-docker#183

[tianon]

I thought this would have a similarly sad ending like that discussion, but it turns out that psql has functionality which makes this really trivial for us to implement!

https://stackoverflow.com/a/18683163/433558
https://www.postgresql.org/docs/9.3/static/app-psql.html#APP-PSQL-VARIABLES
https://www.postgresql.org/docs/9.3/static/app-psql.html#APP-PSQL-INTERPOLATION

[tianon]

#489 👍

[jeaye]

Thank you!