Skip to content

Commit d7e0ae0

Browse files
jc21jc21
authored
Merge pull request NginxProxyManager#1701 from jc21/escape-credential-backslashes
Correctly escape backslashes in dns plugin credentials
2 parents 29ee485 + 9dd5644 commit d7e0ae0

File tree

2 files changed

+7
-3
lines changed

2 files changed

+7
-3
lines changed

backend/internal/certificate.js

+4-2
Original file line numberDiff line numberDiff line change
@@ -871,8 +871,10 @@ const internalCertificate = {
871871
logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
872872

873873
const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
874-
const credentialsCmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
875-
const prepareCmd = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
874+
// Escape single quotes and backslashes
875+
const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
876+
const credentialsCmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
877+
const prepareCmd = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
876878

877879
// Whether the plugin has a --<name>-credentials argument
878880
const hasConfigArg = certificate.meta.dns_provider !== 'route53';

backend/setup.js

+3-1
Original file line numberDiff line numberDiff line change
@@ -181,7 +181,9 @@ const setupCertbotPlugins = () => {
181181

182182
// Make sure credentials file exists
183183
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
184-
const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
184+
// Escape single quotes and backslashes
185+
const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
186+
const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
185187
promises.push(utils.exec(credentials_cmd));
186188
}
187189
});

0 commit comments

Comments
 (0)