Skip to content

Commit 9dd5644

Browse files
chaptergychaptergy
committed
Correctly escape backslashes in dns plugin credentials
1 parent adc5a20 commit 9dd5644

File tree

2 files changed

+7
-3
lines changed

2 files changed

+7
-3
lines changed

backend/internal/certificate.js

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -870,8 +870,10 @@ const internalCertificate = {
870870
logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
871871

872872
const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
873-
const credentialsCmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
874-
const prepareCmd = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
873+
// Escape single quotes and backslashes
874+
const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
875+
const credentialsCmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
876+
const prepareCmd = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
875877

876878
// Whether the plugin has a --<name>-credentials argument
877879
const hasConfigArg = certificate.meta.dns_provider !== 'route53';

backend/setup.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -181,7 +181,9 @@ const setupCertbotPlugins = () => {
181181

182182
// Make sure credentials file exists
183183
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
184-
const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
184+
// Escape single quotes and backslashes
185+
const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
186+
const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
185187
promises.push(utils.exec(credentials_cmd));
186188
}
187189
});

0 commit comments

Comments
 (0)