From 39561c32c12cabe563de48cc96eccb9e2c655e25 Mon Sep 17 00:00:00 2001
From: Anton Reutov
Date: Mon, 18 Jul 2022 13:06:39 +0300
Subject: [PATCH] Fix for Sed Injection Vulnerability

Thanks to @hestiacp and @jaapmarcus for fix.
---
 func/main.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/func/main.sh b/func/main.sh
index 4ec7e7f1c..6f848a220 100644
--- a/func/main.sh
+++ b/func/main.sh
@@ -831,6 +831,23 @@ is_format_valid_shell() {
 exit $E_INVALID
 fi
 }
+
+format_no_quotes() {
+ exclude="['|\"]"
+ if [[ "$1" =~ $exclude ]]; then
+ check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
+ fi
+ is_no_new_line_format "$1"
+}
+
+is_no_new_line_format() {
+ test=$(echo "$1" | head -n1 );
+ if [[ "$test" != "$1" ]]; then
+ check_result "$E_INVALID" "invalid value :: $1"
+ fi
+}
+
+
 # Format validation controller
 is_format_valid() {
 for arg_name in $*; do
@@ -839,6 +856,7 @@ is_format_valid() {
 case $arg_name in
 account) is_user_format_valid "$arg" "$arg_name";;
 action) is_fw_action_format_valid "$arg";;
+ alias) is_alias_format_valid "$arg" ;;
 aliases) is_alias_format_valid "$arg" ;;
 antispam) is_boolean_format_valid "$arg" 'antispam' ;;
 antivirus) is_boolean_format_valid "$arg" 'antivirus' ;;
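Review bot: `exclude` in format_no_quotes and `test` in is_no_new_line_format are assigned without `local`, so both become globals and `test` clobbers any variable of that name in whoever called the validator; declare them `local exclude="['|\"]"` and `local test` with the assignment split from the command substitution. The newline check also routes the value through `echo`, which under bash swallows values such as `-n` or `-e` and then reports them as invalid although they contain no newline; a pure-bash comparison avoids both the subshell and that quirk: `if [[ "$1" == *$'\n'* ]]; then`. Separately, the class `['|\"]` rejects `|` along with the two quote characters while `/`, `&` and `\` pass through, so a one-line comment stating what the check is and is not meant to cover (e.g. that callers still escape for sed themselves, if that is the intent) would spare the next reader from guessing. The user-facing message spells "qoutes"; `contains quotes` is the intended word.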
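Review bot: The new `alias)` arm is identical to the `aliases)` arm on the next line; a single pattern `alias|aliases) is_alias_format_valid "$arg" ;;` keeps the two from drifting apart. Neither arm goes through format_no_quotes, so the quote/newline check added in the previous hunk is presumably wired in elsewhere — the visible dispatch does not call it. is_format_valid's body continues outside the hunk.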