search

cloudpanel-io / cloudpanel-ce

1.21k stars 99 forks source link

Backslash Removed from Command in New Cron Job Created via CloudPanel #510

Closed long1261 closed 2 weeks ago

long1261 commented 1 month ago

CloudPanel version(s) affected

2.4.2

Description

When creating a new cron job through CloudPanel, any backslash (\) included in the command, such as in the usage of "time='$(date +\%s)", is removed. This issue causes the command to be executed incorrectly, leading to potential errors or unintended behavior. The backslash is essential for escaping certain characters or sequences in shell commands, and its removal disrupts the intended function of the cron job.

How to reproduce

  1. Log in to CloudPanel and navigate to the section where you can create a new cron job.
  2. Create a new cron job with the following command: time='$(date +\%s)
  3. Save the cron job and then review the command that has been saved.
  4. Observe that the backslash (\) before %s has been removed, resulting in the command being saved as: time='$(date +%s)

Possible Solution

No response

Additional Context

No response

cloudpanel-io commented 2 weeks ago

I recommend creating a bash script and working there with variables.

We need to clean the command for security reasons.