Fix security issue with grep -w $2 (hestiacp#2889)

* Fix security issue with grep -w $2

Author: jaapmarcus

bin/v-update-sys-hestia

@@ -28,7 +28,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'
-is_hestia_package "hestia,hestia-nginx,hestia-php" "$package"
+is_hestia_package "hestia hestia-nginx hestia-php" "$package"
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode

func/main.sh

@@ -1502,8 +1502,14 @@ multiphp_default_version() {
 }
 
 is_hestia_package(){
-    if [ -z "$(echo $1 | grep -w $2)" ]; then
-        check_result "$E_INVALID" "$2 package is not controlled by hestiacp"
+    check=false;
+    for package in $1; do 
+      if [ $package == "$2" ]; then 
+        check="true";
+      fi
+    done
+    if [ "$check" != "true" ]; then
+      check_result $E_INVALID "$2 package is not controlled by hestiacp"
     fi
 }