Skip to content

Commit e02f0d1

Browse files
KOWX712KOWX712
committed
webui: escape shell properly
single quote still seems to be evaluated, use double quote and do proper escape instead. #1
1 parent 50dca7a commit e02f0d1

1 file changed

Lines changed: 4 additions & 5 deletions

File tree

webui/index.js

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -41,8 +41,8 @@ async function updateStatus() {
4141
}
4242

4343
export function escapeShell(cmd) {
44-
if (cmd === '' || cmd === null || cmd === undefined) return "''";
45-
return "'" + String(cmd).replace(/'/g, "'\\''") + "'";
44+
if (cmd === '' || cmd === null || cmd === undefined) return '""';
45+
return '"' + cmd.replace(/[\\"$`'[\]]/g, '\\$&') + '"';
4646
}
4747

4848
function updateSuperkey(key) {
@@ -51,11 +51,10 @@ function updateSuperkey(key) {
5151
field.value = key;
5252
});
5353
localStorage.setItem('kp-next_superkey', key);
54-
const safeKey = escapeShell(key);
5554
exec(`
56-
key=${safeKey}
55+
key="${btoa(key)}"
5756
if [ -n "$key" ]; then
58-
printf "%s" "$key" | base64 -w0 > /data/adb/kp-next/key
57+
echo "$key" > /data/adb/kp-next/key
5958
if [ -f "${modDir}/unresolved" ]; then
6059
rm -f "${modDir}/unresolved"
6160
busybox nohup sh "${modDir}/service.sh" &

0 commit comments

Comments
 (0)