From 553c5233d35b7648045a928004fdfc05b4e0d965 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler
Date: Tue, 31 Dec 2019 01:57:13 -0500
Subject: Sanitize inputs BEFORE constructing a command string
---
 src/fs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src/fs.c')
diff --git a/src/fs.c b/src/fs.c
index bedfec1..1ee7901 100644
--- a/src/fs.c
+++ b/src/fs.c
@@ -294,9 +294,11 @@ int rsync(const char *_args, const char *_source, const char *_destination) {
 strcat(args_combined, _args);
 }
+ strchrdel(args_combined, "&;|");
+ strchrdel(source, "&;|");
+ strchrdel(destination, "&;|");
+ snprintf(cmd, PATH_MAX, "rsync %s \"%s\" \"%s\" 2>&1", args_combined, source, destination);
- // sanitize command
- strchrdel(cmd, "&;|");
 shell(&proc, SHELL_OUTPUT, cmd);
 if (!proc) {
 if (args) {
--
cgit
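Review bot: The three added `strchrdel(..., "&;|")` calls are a denylist that still leaves `source` and `destination` shell-interpreted: inside the double quotes of the `snprintf` format, a double quote, `$`, a backquote or a backslash keeps its meaning, and the unquoted `args_combined` is additionally open to newlines and redirection characters. Deleting characters also silently turns a path that legitimately contains `&` into a different path, so failing on such input is safer than rewriting it. The durable fix is to stop building a shell string and run rsync from an argument vector (`posix_spawn` or `execvp`), with `--` placed before the two paths so a leading `-` is not parsed as an option; whether `shell()` can accept an argv is not visible here. The `snprintf` result is also never compared with `PATH_MAX`, so a truncated command would still reach `shell()`; something like `int n = snprintf(cmd, PATH_MAX, ...); if (n < 0 || n >= PATH_MAX) { /* fail instead of running */ }` would close that. The body of `rsync()` starts and ends outside this hunk, so the allocation and cleanup of these buffers could not be checked.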