From 1f2e7b24bc536f9bee0f1d0fb1885b2466c02272 Mon Sep 17 00:00:00 2001
From: Giovanni Cascione
Date: Mon, 14 Mar 2022 23:50:47 +0100
Subject: [PATCH] fixed oe_setup_addon unsafe with user inputs from addons settings
---
 packages/mediacenter/kodi/profile.d/00-addons.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/mediacenter/kodi/profile.d/00-addons.conf b/packages/mediacenter/kodi/profile.d/00-addons.conf
index 08284a2a5a..8d20830b71 100644
--- a/packages/mediacenter/kodi/profile.d/00-addons.conf
+++ b/packages/mediacenter/kodi/profile.d/00-addons.conf
@@ -31,9 +31,9 @@ oe_setup_addon() {
 if [ -f "$xml_file" ]; then
 XML_SETTINGS_VER="$(xmlstarlet sel -t -m settings -v @version $xml_file)"
 if [ "$XML_SETTINGS_VER" = "2" ]; then
- eval $(xmlstarlet sel -t -m settings/setting -v @id -o "=\"" -v . -o "\"" -n "$xml_file")
+ eval $(xmlstarlet sel -t -m settings/setting -v @id -o "=" -v . -n "$xml_file" | sed -e "s/'/'\\\\''/g; s/=/='/; s/$/'/")
 else
- eval $(xmlstarlet sel -t -m settings -m setting -v @id -o "=\"" -v @value -o "\"" -n "$xml_file")
+ eval $(xmlstarlet sel -t -m settings -m setting -v @id -o "=" -v @value -n "$xml_file" | sed -e "s/'/'\\\\''/g; s/=/='/; s/$/'/")
 fi
 fi
 done
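Review bot: The sed quoting on both `+` lines works per output line and only wraps what follows the first `=`, so a setting value that contains a newline (possible for the element text read with `-v .`) or an `@id` that is not a plain variable name still reaches `eval` partly outside the single quotes. Consider dropping every line that is not a `name=value` assignment before quoting, for example by inserting `grep -E '^[A-Za-z_][A-Za-z0-9_]*=' |` ahead of the `sed`; a continuation line that happens to be shaped like an assignment would still set a second variable, so rejecting multi-line values outright would be stricter. The command substitution is also unquoted, so values are word-split and glob-expanded before `eval` sees them; `eval "$(...)"` keeps embedded whitespace and `*` intact. The body of oe_setup_addon starts and ends outside this hunk.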