From 84c66990c34d3bb28c3eef819fbfcd2bd470e44c Mon Sep 17 00:00:00 2001
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Date: Sat, 16 Mar 2019 23:04:33 +0100
Subject: [PATCH] Avoid having to shell-escape arguments in
 ynh_handle_getopts_args

Fixes $ ` and \ injections.
---
 data/helpers.d/getopts | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/data/helpers.d/getopts b/data/helpers.d/getopts
index 694543e1d..894c9395f 100644
--- a/data/helpers.d/getopts
+++ b/data/helpers.d/getopts
@@ -152,19 +152,8 @@ ynh_handle_getopts_args () {
 									# If there's already another value for this option, add a ; before adding the new value
 									eval ${option_var}+="\;"
 								fi
-								# Escape double quote to prevent any interpretation during the eval
-								all_args[$i]="${all_args[$i]//\"/\\\"}"
-								# Escape $ as well to prevent the string following it to be seen as a variable.
-								all_args[$i]="${all_args[$i]//$/\\\$}"
 
-								# For the record.
-								# We're using eval here to get the content of the variable stored itself as simple text in $option_var...
-								# Other ways to get that content would be to use either ${!option_var} or declare -g ${option_var}
-								# But... ${!option_var} can't be used as left part of an assignation.
-								# declare -g ${option_var} will create a local variable (despite -g !) and will not be available for the helper itself.
-								# So... Stop fucking arguing each time that eval is evil... Go find an other working solution if you can find one!
-
-								eval ${option_var}+=\"${all_args[$i]}\"
+								eval ${option_var}+='"${all_args[$i]}"'
 								shift_value=$(( shift_value + 1 ))
 							fi
 						done
@@ -202,14 +191,7 @@ ynh_handle_getopts_args () {
 				# The variable name will be stored in 'option_var'
 				local option_var="${args_array[$option_flag]%=}"
 
-				# Escape double quote to prevent any interpretation during the eval
-				arguments[$i]="${arguments[$i]//\"/\\\"}"
-				# Escape $ as well to prevent the string following it to be seen as a variable.
-				arguments[$i]="${arguments[$i]//$/\\\$}"
-
-				# Store each value given as argument in the corresponding variable
-				# The values will be stored in the same order than $args_array
-				eval ${option_var}+=\"${arguments[$i]}\"
+				eval ${option_var}+='"${arguments[$i]}"'
 			done
 			unset legacy_args
 		else