fix: enhance .env loading to safely parse key-value pairs and handle special characters
This commit is contained in:
S
@@ -80,10 +80,31 @@ load_env() {
|
||||
log_error "Copy .env.example to .env and populate values."
|
||||
return 1
|
||||
fi
|
||||
set -a # auto-export all vars defined below
|
||||
# shellcheck source=/dev/null
|
||||
source "$env_file"
|
||||
set +a # stop auto-exporting
|
||||
# Parse KEY=VALUE lines safely without executing them as bash.
|
||||
# Using 'source' on .env is dangerous: unquoted values with spaces
|
||||
# (e.g. GITEA_INSTANCE_NAME=PID Git) cause the second word to be
|
||||
# executed as a command. This parser handles comments, blank lines,
|
||||
# and values with spaces, quotes, and special characters.
|
||||
local line key value
|
||||
while IFS= read -r line || [[ -n "$line" ]]; do
|
||||
# Skip blank lines and comments
|
||||
[[ -z "$line" || "$line" == \#* ]] && continue
|
||||
# Must contain = to be a valid assignment
|
||||
[[ "$line" == *=* ]] || continue
|
||||
key="${line%%=*}"
|
||||
value="${line#*=}"
|
||||
# Strip inline comments: remove everything from '# ' onward (hash + space).
|
||||
# The space after # distinguishes comments from # in URLs/passwords/tokens.
|
||||
# Handles both 'value # comment' and 'value# comment' formats.
|
||||
value="${value%%# *}"
|
||||
# Strip surrounding quotes (single or double) if present
|
||||
if [[ "$value" =~ ^\"(.*)\"$ ]] || [[ "$value" =~ ^\'(.*)\'$ ]]; then
|
||||
value="${BASH_REMATCH[1]}"
|
||||
fi
|
||||
# Strip trailing whitespace
|
||||
value="${value%"${value##*[! ]}"}"
|
||||
export "$key=$value"
|
||||
done < "$env_file"
|
||||
}
|
||||
|
||||
save_env_var() {
|
||||
@@ -430,7 +451,7 @@ ssh_exec() {
|
||||
# ConnectTimeout: fail fast if host is unreachable (don't hang for 60s)
|
||||
# StrictHostKeyChecking=accept-new: auto-accept new hosts but reject changed keys
|
||||
# BatchMode=yes: never prompt for password (fail if key auth doesn't work)
|
||||
# ${key:+-i "$key"}: pass -i only when SSH_KEY is set (otherwise use ssh-agent default)
|
||||
# ${key:+-i "$key"}: pass -i only when SSH_KEY is set (otherwise SSH uses default keys from ~/.ssh/id_*)
|
||||
ssh ${key:+-i "$key"} \
|
||||
-o ConnectTimeout=10 \
|
||||
-o StrictHostKeyChecking=accept-new \
|
||||
|
||||
Reference in New Issue
Block a user