Merge pull request #6298 from spleen1981/fix_oe_setup_addon

fixed oe_setup_addon unsafe with user inputs from addons settings
2025-07-29 21:56:42 +00:00 · 2022-03-17 17:46:33 +01:00 · 2022-03-17 17:46:33 +01:00 · 859d6eb63b
commit 859d6eb63b
parent d5a11c27f7 1f2e7b24bc
1 changed files with 2 additions and 2 deletions
--- a/packages/mediacenter/kodi/profile.d/00-addons.conf
+++ b/packages/mediacenter/kodi/profile.d/00-addons.conf
@ -31,9 +31,9 @@ oe_setup_addon() {
      if [ -f "$xml_file" ]; then
        XML_SETTINGS_VER="$(xmlstarlet sel -t -m settings -v @version $xml_file)"
        if [ "$XML_SETTINGS_VER" = "2" ]; then
-          eval $(xmlstarlet sel -t -m settings/setting -v @id -o "=\"" -v . -o "\"" -n "$xml_file")
+          eval $(xmlstarlet sel -t -m settings/setting -v @id -o "=" -v . -n "$xml_file" | sed -e "s/'/'\\\\''/g; s/=/='/; s/$/'/")
        else
-          eval $(xmlstarlet sel -t -m settings -m setting -v @id -o "=\"" -v @value -o "\"" -n "$xml_file")
+          eval $(xmlstarlet sel -t -m settings -m setting -v @id -o "=" -v @value -n "$xml_file" | sed -e "s/'/'\\\\''/g; s/=/='/; s/$/'/")
        fi
      fi
    done