Fix: Proper IFS restoration in all files (HIGH priority)

HIGH PRIORITY FIXES:
- lib/attack-patterns.sh:668 - Save/restore IFS around echo
- lib/php-analyzer.sh:511 - Save/restore IFS around sort operation
- modules/security/live-attack-monitor-v2.sh:1629 - Save/restore IFS properly

Issue: Modifying IFS without restoring it to previous value causes
word splitting issues in subsequent commands. Using 'unset IFS' is
less reliable than saving and restoring the original value.

Pattern applied:
  old_IFS=$IFS
  IFS='value'
  ...operation...
  IFS=$old_IFS

RESULTS:
- 3 HIGH IFS issues fixed
- Command execution now reliable after IFS modifications

lib/attack-patterns.sh

@@ -665,7 +665,10 @@ detect_all_attacks() {
     fi
 
     if [ ${#attacks[@]} -gt 0 ]; then
-        IFS=','; echo "${attacks[*]}"
+        local old_IFS="$IFS"
+        IFS=','
+        echo "${attacks[*]}"
+        IFS="$old_IFS"
     else
         echo ""
     fi

lib/php-analyzer.sh

@@ -508,8 +508,10 @@ analyze_domain_traffic_advanced() {
     done
 
     # Sort values
-    IFS=$'\n' rpm_sorted=($(sort -n <<<"${rpm_values[*]}"))
-    unset IFS
+    local old_IFS="$IFS"
+    IFS=$'\n'
+    rpm_sorted=($(sort -n <<<"${rpm_values[*]}"))
+    IFS="$old_IFS"
 
     local peak_rpm=${rpm_sorted[-1]:-0}
 

modules/security/live-attack-monitor-v2.sh

@@ -1626,13 +1626,15 @@ show_blocking_menu() {
     fi
 
     # Sort by score
-    IFS=$'\n' blockable_list=($(sort -t'|' -k2 -rn <<<"${blockable_list[*]}"))
-    unset IFS
+    local old_IFS="$IFS"
+    IFS=$'\n'
+    blockable_list=($(sort -t'|' -k2 -rn <<<"${blockable_list[*]}"))
+    IFS="$old_IFS"
 
     # Display IPs
     local idx=1
     for entry in "${blockable_list[@]}"; do
-        IFS='|' read -r ip score hits attacks <<< "$entry"
+        IFS='|' read -r ip score hits attacks <<< "$entry" || true
         local level=$(get_threat_level "$score")
         local color=$(get_threat_color "$level")