CRITICAL FIXES: Security vulnerabilities in reference-db.sh and common-functions.sh

SECURITY FIXES:
1. SQL Injection (reference-db.sh:183)
   - Escape database names with backticks in WHERE clause
   - Changed: WHERE table_schema='' → WHERE table_schema=``
   - Prevents malicious database names from breaking SQL queries

2. Password Exposure (reference-db.sh:166)
   - Stop passing password on command line (visible in ps aux)
   - Changed: mysql -uadmin -p${plesk_mysql_pass} → MYSQL_PWD env var
   - Passwords no longer exposed in process listings
   - Added unset MYSQL_PWD at end of function for cleanup

3. Race Condition in Temp Files (common-functions.sh:173)
   - Replace mkdir -p with mktemp -d for secure temp directory creation
   - Changed: mkdir -p "$TEMP_SESSION_DIR" → mktemp -d -t server-toolkit.XXXXXX
   - Prevents race condition attacks on predictable paths

Testing: All changes validated for syntax and behavior

.sysref.beta

@@ -0,0 +1,35 @@
+# System Reference Database
+# Generated: Thu Mar 19 08:28:56 PM EDT 2026
+# Format: Type|Field1|Field2|...
+
+[SYSTEM]
+SYS|CONTROL_PANEL|cpanel|11.134.0.10
+SYS|OS|almalinux|9.7
+SYS|WEB_SERVER|apache|2.4.66
+SYS|DATABASE|mariadb|10.6.25
+SYS|LOG_DIR|/var/log/apache2/domlogs|
+SYS|USER_HOME|/home|
+SYS|CPU_CORES|2|
+SYS|HOSTNAME|cloudvpstemplate.host.pickledperil.com|
+SYS|PHP_VERSION|8.0.30|
+SYS|PHP_VERSION|8.1.34|
+SYS|PHP_VERSION|8.2.30|
+
+[USERS]
+USER|pickledperil|pickledperil.com|1|1|134|/home/pickledperil
+
+[DATABASES]
+DB|pickledperil_wp_wt6lz|pickledperil
+unknown|pickledperil.com|0.78|12
+
+[DOMAINS]
+DOMAIN|pickledperil.com|pickledperil|/home/pickledperil/public_html|/etc/apache2/logs/domlogs/pickledperil.com|ea-php81|yes|primary|www.pickledperil.com|500|500|500_ERROR
+DOMAIN|www.pickledperil.com|pickledperil|/home/pickledperil/public_html|/etc/apache2/logs/domlogs/pickledperil.com|ea-php81|no|alias|pickledperil.com|500|500|alias_of_500_ERROR
+DOMAIN|67-227-141-132.cprapid.com|unknown||/var/log/apache2/domlogs/67-227-141-132.cprapid.com||unknown|local||timeout|timeout|TIMEOUT
+DOMAIN|cloudvpstemplate.host.pickledperil.com|unknown||/var/log/apache2/domlogs/cloudvpstemplate.host.pickledperil.com||unknown|local||200|200|200_OK
+
+[WORDPRESS]
+WP|pickledperil.com|pickledperil|/home/pickledperil/public_html|pickledperil_wp_wt6lz|pickledperil_wp_7vcwf|6.9.1|2|3
+
+[LOGS]
+

.sysref.beta.timestamp

@@ -0,0 +1 @@
+1773966543

lib/common-functions.sh

@@ -169,8 +169,7 @@ show_terminal_info() {
 # Create temporary session directory
 create_temp_session() {
     export SESSION_ID=$$
-    export TEMP_SESSION_DIR="/tmp/server-toolkit-${SESSION_ID}"
-    mkdir -p "$TEMP_SESSION_DIR"
+    export TEMP_SESSION_DIR=$(mktemp -d -t server-toolkit.XXXXXX)
 
     # Cleanup on exit
     trap '[ -n "$TEMP_SESSION_DIR" ] && rm -rf "$TEMP_SESSION_DIR" 2>/dev/null' EXIT INT TERM

lib/reference-db.sh

@@ -162,8 +162,8 @@ build_databases_section() {
     # Build MySQL command with credentials if needed
     local mysql_cmd="mysql"
     if [ "$SYS_CONTROL_PANEL" = "plesk" ] && [ -f /etc/psa/.psa.shadow ]; then
-        local plesk_mysql_pass=$(cat /etc/psa/.psa.shadow)
-        mysql_cmd="mysql -uadmin -p${plesk_mysql_pass}"
+        export MYSQL_PWD=$(cat /etc/psa/.psa.shadow)
+        mysql_cmd="mysql -uadmin"
     fi
 
     local total_dbs=$($mysql_cmd -Ns -e "SHOW DATABASES" 2>/dev/null | grep -v "^information_schema$\|^mysql$\|^performance_schema$\|^sys$" | wc -l)
@@ -180,7 +180,7 @@ build_databases_section() {
 
         local size_mb=$($mysql_cmd -Ns -e "SELECT ROUND(SUM(data_length + index_length) / 1024 / 1024, 2)
                                        FROM information_schema.TABLES
-                                       WHERE table_schema='$db'" 2>/dev/null)
+                                       WHERE table_schema=\`$db\`" 2>/dev/null)
         [ -z "$size_mb" ] && size_mb=0
 
         local table_count=$($mysql_cmd -Ns "$db" -e "SHOW TABLES" 2>/dev/null | wc -l)
@@ -190,6 +190,9 @@ build_databases_section() {
 
     finish_progress
     echo "" >> "$SYSREF_DB"
+
+    # Clean up password environment variable
+    unset MYSQL_PWD
 }
 
 # Check domain HTTP/HTTPS status codes