diff options
| author | Aaron Ball <nullspoon@oper.io> | 2018-09-28 18:05:54 -0600 |
|---|---|---|
| committer | Aaron Ball <nullspoon@oper.io> | 2018-09-28 18:05:54 -0600 |
| commit | 9829b4d3d882c554255eeeea107ae0f858cfd866 (patch) | |
| tree | 6709db038d2b2cc46303ae995da34ed2829a3c70 | |
| parent | c0b905ef5cacb1f52dedde0d329c223d3dd29a90 (diff) | |
| download | bin-9829b4d3d882c554255eeeea107ae0f858cfd866.tar.gz bin-9829b4d3d882c554255eeeea107ae0f858cfd866.tar.xz | |
pt:Escape ` char in passwords
The backtick char can cause all kinds of issues, since it allows for
execution of subshell code.
| -rwxr-xr-x | pt | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -100,7 +100,7 @@ function main { [[ $? -gt 0 ]] && log "Error: '${@}' is not in the password store" && exit 1 # Parse pass output into appropriate variables - _passpassword=$(printf -- "%s" "${_passentry}" | head -n1) + _passpassword=$(printf -- "%s" "${_passentry}" | head -n1 | sed 's/`/\`/g') _passusername=$(getfield "${_passentry}" ':' username) _passdelim=$(getfield "${_passentry}" ':' delim) _passsubmit=$(getfield "${_passentry}" ':' submit) |