fix: enhance .env loading to safely parse key-value pairs and handle special characters

S
2026-03-02 08:52:25 -05:00
parent 97220181d8
commit de48dad967


@@ -80,10 +80,31 @@ load_env() {
log_error "Copy .env.example to .env and populate values." log_error "Copy .env.example to .env and populate values."
return 1 return 1
fi fi
set -a # auto-export all vars defined below # Parse KEY=VALUE lines safely without executing them as bash.
# shellcheck source=/dev/null # Using 'source' on .env is dangerous: unquoted values with spaces
source "$env_file" # (e.g. GITEA_INSTANCE_NAME=PID Git) cause the second word to be
set +a # stop auto-exporting # executed as a command. This parser handles comments, blank lines,
# and values with spaces, quotes, and special characters.
local line key value
while IFS= read -r line || [[ -n "$line" ]]; do
# Skip blank lines and comments
[[ -z "$line" || "$line" == \#* ]] && continue
# Must contain = to be a valid assignment
[[ "$line" == *=* ]] || continue
key="${line%%=*}"
value="${line#*=}"
# Strip inline comments: remove everything from '# ' onward (hash + space).
# The space after # distinguishes comments from # in URLs/passwords/tokens.
# Handles both 'value # comment' and 'value# comment' formats.
value="${value%%# *}"
# Strip surrounding quotes (single or double) if present
if [[ "$value" =~ ^\"(.*)\"$ ]] || [[ "$value" =~ ^\'(.*)\'$ ]]; then
value="${BASH_REMATCH[1]}"
fi
# Strip trailing whitespace
value="${value%"${value##*[! ]}"}"
export "$key=$value"
done < "$env_file"
} }
save_env_var() { save_env_var() {
@@ -430,7 +451,7 @@ ssh_exec() {
# ConnectTimeout: fail fast if host is unreachable (don't hang for 60s) # ConnectTimeout: fail fast if host is unreachable (don't hang for 60s)
# StrictHostKeyChecking=accept-new: auto-accept new hosts but reject changed keys # StrictHostKeyChecking=accept-new: auto-accept new hosts but reject changed keys
# BatchMode=yes: never prompt for password (fail if key auth doesn't work) # BatchMode=yes: never prompt for password (fail if key auth doesn't work)
# ${key:+-i "$key"}: pass -i only when SSH_KEY is set (otherwise use ssh-agent default) # ${key:+-i "$key"}: pass -i only when SSH_KEY is set (otherwise SSH uses default keys from ~/.ssh/id_*)
ssh ${key:+-i "$key"} \ ssh ${key:+-i "$key"} \
-o ConnectTimeout=10 \ -o ConnectTimeout=10 \
-o StrictHostKeyChecking=accept-new \ -o StrictHostKeyChecking=accept-new \
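Review bot: In the `load_env` hunk, the inline-comment strip `value="${value%%# *}"` runs before the quote and whitespace handling, so quoted values are silently corrupted. `KEY="value" # comment` is exported with its literal quotes, because the trailing space left behind defeats the `^\"(.*)\"$` match, and a quoted secret containing `# ` (for example `"pa# ss"`) is truncated to `"pa`. Handle quoted values first, and strip comments and trailing spaces only from unquoted ones. Separately, `key` reaches `export "$key=$value"` unvalidated, so a line such as `export FOO=bar` or one with leading spaces makes `export` fail with an invalid-identifier error; whether that aborts the script depends on shell options not visible here. The sketch below covers both points; how a quoted value with embedded quotes should parse is a policy choice left open, and `load_env` begins outside the hunk.

```shell
local dq_re='^"(.*)"[[:space:]]*(#.*)?$'
local sq_re="^'(.*)'[[:space:]]*(#.*)?\$"
# … unchanged: while-read loop header, blank/comment/no-'=' skips …
    key="${line%%=*}"
    value="${line#*=}"
    # Only plain shell identifiers may be exported.
    if [[ ! "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
        log_error "Skipping line with invalid variable name in $env_file"
        continue
    fi
    if [[ "$value" =~ $dq_re ]] || [[ "$value" =~ $sq_re ]]; then
        # Quoted: keep the quoted text verbatim, including any '# '.
        value="${BASH_REMATCH[1]}"
    else
        # Unquoted: drop an inline comment, then trailing spaces.
        value="${value%%# *}"
        value="${value%"${value##*[! ]}"}"
    fi
    export "$key=$value"
```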