Fix $ not being escaped in .env.production file generated by mastodon:setup
#23012
Conversation
lib/tasks/mastodon.rake
Outdated
| @@ -395,7 +395,7 @@ namespace :mastodon do | |||
| incompatible_syntax = false | |||
|
|
|||
| env_contents = env.each_pair.map do |key, value| | |||
| if value.is_a?(String) && value =~ /[\s\#\\"]/ | |||
| if value.is_a?(String) && value =~ /[\s\#\\"\$]/ | |||
There was a problem hiding this comment.
Instead of trying to fix this manually, should we use Shellwords.escape
There was a problem hiding this comment.
Possibly, but IIRC dotenv doesn't exactly implement shell rules.
There was a problem hiding this comment.
Would need to check if it's still the case, but at the time the escaping was introduced, you made the same suggestion and the reason we could not do that was #13156 (comment)
There was a problem hiding this comment.
Yeah it still behaves the same. Shellwords.escape('foo!#test') would return 'foo\!\#test', which would be parsed by dotenv as 'foo!\'.
That being said we probably can do something as simple as "\"#{Shellwords.escape(value)}\"".
There was a problem hiding this comment.
From Shellwords::shellescape's documentation:
Note that a resulted string should be used unquoted and is not intended for use in double quotes nor in single quotes.
And indeed, this would result in double-escaping some characters…
I'm going to more thoroughly check Dotenv's behavior and better document that code.
There was a problem hiding this comment.
Wrote a documented escape function that I tested to be fairly robust. I don't think everything can be escaped, though.
ClearlyClaire
force-pushed
the
fixes/mastodon-setup-escape-dollar-sign
branch
from
a9984ba
to
254d5c2
Compare
Regression from mastodon#23012
No description provided.