Merge branch 'prohibit-export-in-vars' of ssh://github.com/TinCanTech…

…/easy-rsa into TinCanTech-prohibit-export-in-vars Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
OpenVPN · Apr 13, 2023 · cee7948 · cee7948
2 parents 91e5535 + 7be58de
commit cee7948
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -5045,24 +5045,36 @@ Using Easy-RSA configuration:
 			# Sanitize vars
 			if grep -q \
 				-e 'EASYRSA_PASSIN' -e 'EASYRSA_PASSOUT' \
-				-e '^[^#]*export *_*[[:alpha:]]*[[:alnum:]]*.*$' \
-				-e '[^(]`[^)]' "$vars"
+				-e '[^(]`[^)]' \
+				"$vars"
 			then
 				die "\
 One or more of these problems has been found in your 'vars' file:
 
 * Use of 'EASYRSA_PASSIN' or 'EASYRSA_PASSOUT':
   Storing password information in the 'vars' file is not permitted.
 
-* Use of 'export':
-  Remove 'export' or replace it with 'set_var'.
-
 * Use of unsupported characters:
   These characters are not supported: \` backtick
 
 Please, correct these errors and try again."
 			fi
 
+			if grep -q \
+				-e '[[:blank:]]export[[:blank:]]' \
+				-e '[[:blank:]]unset[[:blank:]]' \
+				"$vars"
+			then
+				warn "\
+One or more of these problems has been found in your 'vars' file:
+
+* Use of 'export':
+  Remove 'export' or replace it with 'set_var'.
+
+* Use of 'unset':
+  Remove 'unset' ('force_set_var' may also work)."
+			fi
+
 			# Enable sourcing 'vars'
 			# shellcheck disable=SC2034 # appears unused
 			EASYRSA_CALLER=1