SecImprove: Use internal function to parse object key/value strings

- 'parse_object_kv_list' will also validate the string format

Author: Lupul

bin/v-add-letsencrypt-host

@@ -46,7 +46,7 @@ is_object_unsuspended 'web' 'DOMAIN' "$domain"
 get_domain_values 'web'
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Set ssl installation to yes
 add_ssl="yes"

bin/v-add-remote-dns-domain

@@ -51,10 +51,10 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote dns host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Parsing domain parameters
-    eval $str
+    parse_object_kv_list "$str"
 
     # Syncing domain data
     cluster_cmd v-insert-dns-domain $DNS_USER "$str" $HOSTNAME $flush 'no'

bin/v-add-remote-dns-record

@@ -52,7 +52,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing serial
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

bin/v-add-web-domain-ssl-force

@@ -38,7 +38,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Check if SSL is enabled
 if [ "$SSL" != 'yes' ]; then

bin/v-add-web-domain-ssl-hsts

@@ -38,7 +38,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Load domain data
-eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
 
 # Check if SSL is enabled
 if [ "$SSL" != 'yes' ]; then

bin/v-change-database-owner

@@ -75,7 +75,7 @@ mkdir -p $BACKUP/tmp.$database
 $BIN/v-suspend-database $owner $database > /dev/null 2>&1
 
 # Dump database
-eval $db_data
+parse_object_kv_list "$db_data"
 dump="$tmpdir/$database.$TYPE.sql"
 grants="$tmpdir/$database.$TYPE.$DBUSER"
 case $TYPE in
@@ -86,7 +86,7 @@ esac
 # Import configuration
 db_data=$(echo "$db_data" | sed "s/'${owner}_/'${user}_/g")
 echo "$db_data" >> $HESTIA/data/users/$user/db.conf
-eval $db_data
+parse_object_kv_list "$db_data"
 
 # Unsuspend db
 $BIN/v-unsuspend-database $user $new_db > /dev/null 2>&1

bin/v-change-dns-record

@@ -54,7 +54,7 @@ check_hestia_demo_mode
 
 # Parsing domain config
 line=$(grep "ID='$id'" $USER_DATA/dns/$domain.conf)
-eval $line
+parse_object_kv_list "$line"
 
 # Null priority for none MX/SRV records
 if [ "$TYPE" != 'MX' ] && [ "$TYPE" != 'SRV' ]; then

bin/v-change-domain-owner

@@ -47,7 +47,7 @@ check_hestia_demo_mode
 web_data=$(grep "DOMAIN='$domain'" $HESTIA/data/users/$owner/web.conf)
 if [ ! -z "$web_data" ]; then
     $BIN/v-suspend-web-domain $owner $domain >> /dev/null 2>&1
-    eval $web_data
+    parse_object_kv_list "$web_data"
 
     # Change IP
     if [ ! -z "$ip" ]; then
@@ -95,7 +95,7 @@ fi
 # DNS domain
 dns_data=$(grep "DOMAIN='$domain'" $HESTIA/data/users/$owner/dns.conf)
 if [ ! -z "$dns_data" ]; then
-    eval $dns_data
+    parse_object_kv_list "$dns_data"
 
     # Change IP
     if [ ! -z "$ip" ]; then

bin/v-change-remote-dns-domain-exp

@@ -40,7 +40,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing domain
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)

bin/v-change-remote-dns-domain-soa

@@ -40,7 +40,7 @@ IFS=$'\n'
 for cluster in $(grep "SUSPENDED='no'" $HESTIA/conf/dns-cluster.conf); do
 
     # Parsing remote host parameters
-    eval $cluster
+    parse_object_kv_list "$cluster"
 
     # Syncing SOA
     str=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf)