diff --git a/acme.sh b/acme.sh index 47a4f6d0..cba4905b 100755 --- a/acme.sh +++ b/acme.sh @@ -119,7 +119,7 @@ _dlg_versions() { _log() { [ -z "$LOG_FILE" ] && return - _printargs "$@" >>$LOG_FILE + _printargs "$@" >>"$LOG_FILE" } _info() { @@ -229,12 +229,12 @@ _getfield() { _ffi=$_findex while [ "$_ffi" -gt "0" ]; do - _fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" + _fv="$(echo "$_str" | cut -d $_sep -f "$_ffi")" if [ "$_fv" ]; then printf -- "%s" "$_fv" return 0 fi - _ffi="$(_math $_ffi - 1)" + _ffi="$(_math "$_ffi" - 1)" done printf -- "%s" "$_str" @@ -312,21 +312,21 @@ _h2b() { fi printf "\x$h" else - ic="$(printf $hex | cut -c $i)" - jc="$(printf $hex | cut -c $j)" + ic="$(printf "%s" "$hex" | cut -c $i)" + jc="$(printf "%s" "$hex" | cut -c $j)" if [ -z "$ic$jc" ]; then break fi ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" - printf '\'"$(printf %o "$(_math $ic \* 16 + $jc)")" + printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")" fi if [ "$uselet" ]; then let "i+=2" >/dev/null let "j+=2" >/dev/null else - i="$(_math $i + 2)" - j="$(_math $j + 2)" + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" fi done } @@ -419,9 +419,9 @@ _digest() { if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then if [ "$outputhex" ]; then - openssl dgst -$alg -hex | cut -d = -f 2 | tr -d ' ' + openssl dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' ' else - openssl dgst -$alg -binary | _base64 + openssl dgst -"$alg" -binary | _base64 fi else _err "$alg is not supported yet" @@ -444,9 +444,9 @@ _hmac() { if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then if [ "$outputhex" ]; then - openssl dgst -$alg -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' + openssl dgst -"$alg" -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' else - openssl dgst -$alg -hmac "$hmac_sec" -binary | _base64 + openssl dgst -"$alg" -hmac "$hmac_sec" -binary | _base64 fi else _err "$alg is not supported yet" @@ -516,7 +516,7 @@ _createkey() { f="$2" eccname="$length" if _startswith "$length" "ec-"; then - length=$(printf $length | cut -d '-' -f 2-100) + length=$(printf "$length" | cut -d '-' -f 2-100) if [ "$length" = "256" ]; then eccname="prime256v1" @@ -962,22 +962,22 @@ _calcjwk() { pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" _debug3 pubtext "$pubtext" - xlen="$(printf "$pubtext" | tr -d ':' | wc -c)" + xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)" xlen=$(_math $xlen / 4) _debug3 xlen "$xlen" xend=$(_math "$xlen" + 1) - x="$(printf $pubtext | cut -d : -f 2-$xend)" + x="$(printf "%s" "$pubtext" | cut -d : -f 2-$xend)" _debug3 x "$x" - x64="$(printf $x | tr -d : | _h2b | _base64 | _urlencode)" + x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)" _debug3 x64 "$x64" xend=$(_math "$xend" + 1) - y="$(printf $pubtext | cut -d : -f $xend-10000)" + y="$(printf "%s" "$pubtext" | cut -d : -f $xend-10000)" _debug3 y "$y" - y64="$(printf $y | tr -d : | _h2b | _base64 | _urlencode)" + y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)" _debug3 y64 "$y64" jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' @@ -1240,7 +1240,7 @@ _send_signed_request() { protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" - protected64="$(printf "$protected" | _base64 | _urlencode)" + protected64="$(printf "%s" "$protected" | _base64 | _urlencode)" _debug3 protected64 "$protected64" if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then @@ -2392,7 +2392,7 @@ issue() { if [ -f "$DOMAIN_CONF" ]; then Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) _debug Le_NextRenewTime "$Le_NextRenewTime" - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ $(_time) -lt $Le_NextRenewTime ]; then + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _saved_domain=$(_readdomainconf Le_Domain) _debug _saved_domain "$_saved_domain" _saved_alt=$(_readdomainconf Le_Alt) @@ -2529,7 +2529,7 @@ issue() { keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" - if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then _info "$d is already verified, skip." keyauthorization=$STATE_VERIFIED _debug keyauthorization "$keyauthorization"