1 files changed, 16 insertions, 2 deletions

diff --git a/ambari-server/src/main/java/org/apache/ambari/server/notifications/dispatchers/AlertScriptDispatcher.java b/ambari-server/src/main/java/org/apache/ambari/server/notifications/dispatchers/AlertScriptDispatcher.java
index 092aaf4ba4..907588dc47 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/notifications/dispatchers/AlertScriptDispatcher.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/notifications/dispatchers/AlertScriptDispatcher.java
@@ -40,6 +40,8 @@ import org.apache.commons.lang.SystemUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.escape.Escaper;
+import com.google.common.escape.Escapers;
 import com.google.inject.Inject;
 
 /**
@@ -82,6 +84,18 @@ public class AlertScriptDispatcher implements NotificationDispatcher {
   private static final long DEFAULT_SCRIPT_TIMEOUT = 5000L;
 
   /**
+   * Used to escape text being passed into the shell command.
+   */
+  public static final Escaper SHELL_ESCAPE;
+
+  static {
+    final Escapers.Builder builder = Escapers.builder();
+    builder.addEscape('\"', "\\\"");
+    builder.addEscape('!', "\\!");
+    SHELL_ESCAPE = builder.build();
+  }
+
+  /**
    * Configuration data from the ambari.properties file.
    */
   @Inject
@@ -242,8 +256,8 @@ public class AlertScriptDispatcher implements NotificationDispatcher {
 
     // these could have spaces in them, so quote them so they don't mess up the
     // command line
-    String alertLabel = "\"" + definition.getLabel() + "\"";
-    String alertText = "\"" + alertInfo.getAlertText() + "\"";
+    String alertLabel = "\"" + SHELL_ESCAPE.escape(definition.getLabel()) + "\"";
+    String alertText = "\"" + SHELL_ESCAPE.escape(alertInfo.getAlertText()) + "\"";
 
     Object[] params = new Object[] { script, definitionName, alertLabel, serviceName,
         alertState.name(), alertText };