diff options
Diffstat (limited to 'include/profiles')
| -rw-r--r-- | include/profiles | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/include/profiles b/include/profiles index 65e3bcee..26b7b9b1 100644 --- a/include/profiles +++ b/include/profiles @@ -45,16 +45,17 @@ sleep 30 fi - # Security check for unexpected and possibly harmful escape characters - DATA=$(grep -v '^$\|^ \|^#\|^config:' ${PROFILE} | tr -d '[:alnum:]/\[\]\(\)\-_\|,\.:;= \n\r' | od -An -ta | sed 's/ /!space!/g') + # Security check for unexpected and possibly harmful escape characters (hyphen should be listed as first or last character) + DATA=$(grep -v '^$\|^ \|^#\|^config:' ${PROFILE} | tr -d '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-' | od -An -ta | sed 's/ /!space!/g') if ! IsEmpty "${DATA}"; then DisplayWarning "Your profile '${PROFILE}' contains unexpected characters. See the log file for more information." - LogText "Found unexpected or possibly harmful characters in the profile. See output below." + LogText "Found unexpected or possibly harmful characters in profile '${PROFILE}'. See which characters matched in the output below and compare them with your profile." for I in "${DATA}"; do I=$(echo ${I} | sed 's/!space!/ /g') LogText "Output: ${I}" done - sleep 30 + LogText "Suggestion: comment incorrect lines with a '#' and try again. Open a GitHub issue if valid characters are blocked" + ExitFatal "unexpected characters in profile. Stopping execution (security measure)" fi # Now parse the profile and filter out unwanted characters |