From 23c63bbd4d134d508c8ec04417125c9eaed21f00 Mon Sep 17 00:00:00 2001
From: grossmj <grossmj@gns3.net>
Date: Thu, 21 Dec 2017 09:38:18 +0100
Subject: [PATCH] Protect variable replacement for Qemu options. Escape double
 quotes.

---
 gns3server/compute/qemu/qemu_vm.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gns3server/compute/qemu/qemu_vm.py b/gns3server/compute/qemu/qemu_vm.py
index 6f2b1178..03875fb8 100644
--- a/gns3server/compute/qemu/qemu_vm.py
+++ b/gns3server/compute/qemu/qemu_vm.py
@@ -1645,10 +1645,10 @@ class QemuVM(BaseNode):
         """
 
         additional_options = self._options.strip()
-        additional_options = additional_options.replace("%vm-name%", '"' + self._name + '"')
+        additional_options = additional_options.replace("%vm-name%", '"' + self._name.replace('"', '\\"') + '"')
         additional_options = additional_options.replace("%vm-id%", self._id)
         additional_options = additional_options.replace("%project-id%", self.project.id)
-        additional_options = additional_options.replace("%project-path%", '"' + self.project.path + '"')
+        additional_options = additional_options.replace("%project-path%", '"' + self.project.path.replace('"', '\\"') + '"')
         command = [self.qemu_path]
         command.extend(["-name", self._name])
         command.extend(["-m", "{}M".format(self._ram)])