Safer option injection to build scripts

Nix isn't very typesafe, but apparently there is at least a `escapeShellArg` function which makes things safe for shell execution.
author: stuebinm 2021-02-18 15:51:08 +0100
committer: stuebinm 2021-02-18 15:51:08 +0100
commit: bfae9d9bfa90a0189d943ca865fa046f510b9922 (patch)
tree: a4acce736d20be7cb9694a3a8fe860bd06224adc
parent: 8788bba867874725439a76dc94891e4438568650 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/front/default.nix b/front/default.nix
index dc3f115..5385de3 100644
--- a/front/default.nix
+++ b/front/default.nix
@@ -86,8 +86,8 @@ in
         replace-literal -efsr '"@types/quill": "^1.3.7",' ' ';
         replace-literal -efsr '"quill": "^1.3.7",' ' ';
       ''
-       + (if envVars ? DEFAULT_MAP_URL then ''replace-literal -efs -r -x .ts "/Floor0/floor0.json" "${envVars.DEFAULT_MAP_URL}";'' else "")
-       + (if envVars ? STUN_SERVER then ''replace-literal -efs -r -x .ts "stun:stun.l.google.com:19302" "${envVars.STUN_SERVER}";'' else "");
+       + (if envVars ? DEFAULT_MAP_URL then ''replace-literal -efs -r -x .ts "/Floor0/floor0.json" ${lib.escapeShellArg envVars.DEFAULT_MAP_URL};'' else "")
+       + (if envVars ? STUN_SERVER then ''replace-literal -efs -r -x .ts "stun:stun.l.google.com:19302" ${lib.escapeShellArg envVars.STUN_SERVER};'' else "");
 
       buildPhase = ''
         mkdir -p $out
author	stuebinm	2021-02-18 15:51:08 +0100
committer	stuebinm	2021-02-18 15:51:08 +0100
commit	bfae9d9bfa90a0189d943ca865fa046f510b9922 (patch)
tree	a4acce736d20be7cb9694a3a8fe860bd06224adc
parent	8788bba867874725439a76dc94891e4438568650 (diff)