From bfae9d9bfa90a0189d943ca865fa046f510b9922 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Thu, 18 Feb 2021 15:51:08 +0100
Subject: Safer option injection to build scripts

Nix isn't very typesafe, but apparently there is at least a `escapeShellArg`
function which makes things safe for shell execution.
---
 front/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/front/default.nix b/front/default.nix
index dc3f115..5385de3 100644
--- a/front/default.nix
+++ b/front/default.nix
@@ -86,8 +86,8 @@ in
         replace-literal -efsr '"@types/quill": "^1.3.7",' ' ';
         replace-literal -efsr '"quill": "^1.3.7",' ' ';
       ''
-       + (if envVars ? DEFAULT_MAP_URL then ''replace-literal -efs -r -x .ts "/Floor0/floor0.json" "${envVars.DEFAULT_MAP_URL}";'' else "")
-       + (if envVars ? STUN_SERVER then ''replace-literal -efs -r -x .ts "stun:stun.l.google.com:19302" "${envVars.STUN_SERVER}";'' else "");
+       + (if envVars ? DEFAULT_MAP_URL then ''replace-literal -efs -r -x .ts "/Floor0/floor0.json" ${lib.escapeShellArg envVars.DEFAULT_MAP_URL};'' else "")
+       + (if envVars ? STUN_SERVER then ''replace-literal -efs -r -x .ts "stun:stun.l.google.com:19302" ${lib.escapeShellArg envVars.STUN_SERVER};'' else "");
 
       buildPhase = ''
         mkdir -p $out
-- 
cgit v1.2.3