open-source/qinglong
1
0
Fork 0
mirror of https://github.com/whyour/qinglong.git synced 2025-12-23 15:50:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix incomplete sanitization - properly escape backslashes in URL escaping

Browse Source 
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-12-22 14:50:31 +00:00
parent 6397415d7f
commit 6f7a54a614
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
back/services/system.ts
View File

@ -255,9 +255,15 @@ export default class SystemService {
} }
if (defaultDomain && targetDomain) { if (defaultDomain && targetDomain) {
// Escape special characters for sed // Sanitize and escape special characters for sed
const escapedDefault = defaultDomain.replace(/\//g, '\\/').replace(/\./g, '\\.'); // Escape backslashes first, then other special characters
const escapedTarget = targetDomain.replace(/\//g, '\\/'); const escapedDefault = defaultDomain
.replace(/\\/g, '\\\\') // Escape backslashes first
.replace(/\//g, '\\/') // Escape forward slashes
.replace(/\./g, '\\.'); // Escape dots
const escapedTarget = targetDomain
.replace(/\\/g, '\\\\') // Escape backslashes first
.replace(/\//g, '\\/'); // Escape forward slashes
// Replace mirror URL in main sources.list // Replace mirror URL in main sources.list
command = `sed -i 's/${escapedDefault}/${escapedTarget}/g' /etc/apt/sources.list`; command = `sed -i 's/${escapedDefault}/${escapedTarget}/g' /etc/apt/sources.list`;
@ -297,13 +303,13 @@ export default class SystemService {
if (info.linuxMirror) { if (info.linuxMirror) {
targetDomain = info.linuxMirror; targetDomain = info.linuxMirror;
} }
command = `sed -i 's/${defaultDomain.replace( // Sanitize and escape special characters for sed
/\//g, // Escape backslashes first, then other special characters
'\\/', command = `sed -i 's/${defaultDomain
)}/${targetDomain.replace( .replace(/\\/g, '\\\\') // Escape backslashes first
/\//g, .replace(/\//g, '\\/')}/${targetDomain
'\\/', .replace(/\\/g, '\\\\') // Escape backslashes first
)}/g' /etc/apk/repositories && apk update -f`; .replace(/\//g, '\\/')}/g' /etc/apk/repositories && apk update -f`;
} catch (error) { } catch (error) {
this.logger.error('Failed to read /etc/apk/repositories', error); this.logger.error('Failed to read /etc/apk/repositories', error);
} }