escape command for remote hook

Running remote commands we have a policy of wrapping those into a `bash -l -c ""`. I'm no more completely sure about this approach. Moreover as per issue #492 complex command may broke and the user has no way to manage himself the escaping. ATM I'm trying to do a programmatic hidden escape of the user input specified command.
welaika · Sep 12, 2018 · 102f279 · 102f279
1 parent fded9e2
commit 102f279
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/wordmove/hook.rb b/lib/wordmove/hook.rb
@@ -102,7 +102,7 @@ def self.run(commands, options, simulate = false)
           return true if simulate
 
           stdout, stderr, exit_code =
-            copier.exec!("bash -l -c 'cd #{wordpress_path} && #{command}'")
+            copier.exec!("bash -l -c 'cd #{wordpress_path} && #{Shellwords.escape(command)}'")
 
           if exit_code.zero?
             logger.task_step false, "Output: #{stdout}"