cloudfoundry-community / slack-notification-resource

Concourse CI resource for sending notifications to Slack.
MIT License

Escape values from env_file #83

Open gramosg opened 4 years ago

gramosg commented 4 years ago

This commit sanitizes the values of the env_file. Currently the values are source'd as they are, causing out to crash with certain envvar values (e.g., those containing double quotes, which is what happened to me), and even allowing arbitrary code injection. This PR should protect against all dangerous escape characters in Bash (", \, <backtick>, $).

Thanks and keep up the good work!
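
The escaping this PR describes, as an added example that is not the code from the PR or from the resource. It assumes `env_file` holds `KEY=VALUE` lines and that each value is wrapped in double quotes before being sourced; `escape_value`, `render_env_file` and the sample values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; escape_value and render_env_file are hypothetical names.

# Backslash-escape the characters that stay special inside a double-quoted
# shell string: backslash, double quote, backtick and dollar sign.
escape_value() {
    printf '%s' "$1" | sed -e 's/[\\"`$]/\\&/g'
}

# Convert KEY=VALUE lines (assumed env_file format) into export statements
# that can be sourced. Lines without '=' or with an invalid key are skipped.
render_env_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac
        key=${line%%=*}
        value=${line#*=}
        case $key in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        printf 'export %s="%s"\n' "$key" "$(escape_value "$value")"
    done < "$1"
}

# Constructed sample input: one value with double quotes, one with
# command-substitution syntax that must end up as literal text.
demo_dir=$(mktemp -d)
cat > "$demo_dir/env_file" <<'EOF'
BUILD_TITLE=fix "quoted" title
BUILD_NOTE=costs $5, see `touch marker` and $(touch marker) in C:\tmp
EOF

render_env_file "$demo_dir/env_file" > "$demo_dir/env.sh"
cd "$demo_dir" && . ./env.sh
printf '%s\n%s\n' "$BUILD_TITLE" "$BUILD_NOTE"
[ -e marker ] && echo "marker created: value was executed" || echo "no marker: values stayed literal"
```

Validating the key matters as much as escaping the value, since the key is written into the sourced file unquoted.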