From 8f3b764e267f4ab5f1daa3efeecc635aebb52307 Mon Sep 17 00:00:00 2001
From: cschantz
Date: Fri, 9 Jan 2026 00:33:02 -0500
Subject: [PATCH] Fix NULL check issues (5 HIGH issues resolved)
Added proper null/empty checks and variable quoting in 3 files: 1. wordpress-cron-manager.sh (2 issues): - Added validation for $site_path before use - Quoted variable in cron command to prevent word splitting - Lines 446-449: Check if path is empty or invalid before processing 2. malware-scanner.sh (1 issue): - Added safety check for $SCAN_DIR before suggesting rm -rf command - Prevents dangerous rm operations if variable is empty or root - Line 1583-1585: Guard against accidental deletions 3. mysql-restore-to-sql.sh (2 issues): - Quoted $datadir in echo statements showing manual commands - Lines 426, 441, 444, 447: Proper quoting in examples Impact: Prevents potential issues from empty/undefined variables
---
 modules/backup/mysql-restore-to-sql.sh | 8 ++++----
 modules/security/malware-scanner.sh | 4 +++-
 modules/website/wordpress/wordpress-cron-manager.sh | 10 ++++++++--
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/modules/backup/mysql-restore-to-sql.sh b/modules/backup/mysql-restore-to-sql.sh
index 21f83f8..146dbc8 100755
--- a/modules/backup/mysql-restore-to-sql.sh
+++ b/modules/backup/mysql-restore-to-sql.sh
@@ -423,7 +423,7 @@ show_recovery_options() {
 done
 echo ""
 echo " 3. Fix ownership:"
- echo " chown mysql:mysql $datadir/$DATABASE_NAME/*.ibd"
+ echo " chown mysql:mysql \"$datadir/$DATABASE_NAME\"/*.ibd"
 else
 echo " 1. Check error log manually:"
 echo " grep -i 'cannot open\\|missing' $error_log"
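Review bot: The else-branch context line still prints `grep -i 'cannot open\\|missing' $error_log` with the path unquoted, so the quoting this hunk adds to the chown hint is not applied consistently within the same function. The same gap remains for `ls $LOG_DIR` and `cat $SUMMARY_FILE` in the malware-scanner.sh hunk. I would print them as `\"$error_log\"`, `\"$LOG_DIR\"` and `\"$SUMMARY_FILE\"` so every copy-paste hint survives a path containing spaces. show_recovery_options starts and ends outside the hunk.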
@@ -438,13 +438,13 @@ show_recovery_options() {
 echo " If you're missing many files, easier to restore all:"
 echo ""
 echo " 1. Remove partial database directory:"
- echo " rm -rf $datadir/$DATABASE_NAME"
+ echo " rm -rf \"$datadir/$DATABASE_NAME\""
 echo ""
 echo " 2. Restore complete database directory from backup:"
- echo " cp -r /backup/path/$DATABASE_NAME $datadir/"
+ echo " cp -r /backup/path/$DATABASE_NAME \"$datadir/\""
 echo ""
 echo " 3. Fix ownership:"
- echo " chown -R mysql:mysql $datadir/$DATABASE_NAME"
+ echo " chown -R mysql:mysql \"$datadir/$DATABASE_NAME\""
 echo ""
 echo " 4. Re-run this script"
 echo ""
diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 7f12b5f..4c1113a 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -1580,7 +1580,9 @@ fi
 echo "You can:"
 echo " • Review logs: ls $LOG_DIR"
 echo " • View summary: cat $SUMMARY_FILE"
-echo " • Delete scan directory manually: rm -rf $SCAN_DIR"
+if [ -n "$SCAN_DIR" ] && [[ "$SCAN_DIR" != "/" ]]; then
+ echo " • Delete scan directory manually: rm -rf \"$SCAN_DIR\""
+fi
 echo ""
 echo "Press Ctrl+A then D to detach from this screen session,"
 echo "or press Enter to open an interactive shell in this session..."
diff --git a/modules/website/wordpress/wordpress-cron-manager.sh b/modules/website/wordpress/wordpress-cron-manager.sh
index ccd213d..72ac6f9 100755
--- a/modules/website/wordpress/wordpress-cron-manager.sh
+++ b/modules/website/wordpress/wordpress-cron-manager.sh
@@ -442,6 +442,12 @@ case "$choice" in count=$((count + 1)) site_path=$(dirname "$wp_config") + # Validate site path + if [ -z "$site_path" ] || [ ! -d "$site_path" ]; then + echo -e "${YELLOW}Warning: Invalid site path${NC}" + continue + fi + echo -e "${BOLD}Site $count:${NC} $site_path" # Backup
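Review bot: The printed `rm -rf \"$datadir/$DATABASE_NAME\"` hint has no emptiness guard, unlike the `$SCAN_DIR` hint that this same commit wraps in a check in malware-scanner.sh. With an empty `$DATABASE_NAME` the suggested command targets the whole data directory, and with both variables empty it reads `rm -rf "/"`. Whether either variable is validated earlier in show_recovery_options is not visible in the hunk; if it is not, I would wrap steps 1–3 in `if [[ -n "$datadir" && -n "$DATABASE_NAME" ]]; then … fi`, or fail early with `: "${datadir:?}" "${DATABASE_NAME:?}"`.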
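Review bot: The new guard `[ -n "$SCAN_DIR" ] && [[ "$SCAN_DIR" != "/" ]]` is a literal string comparison, so values such as `//`, `/.` or a path ending in `/..` still pass and the `rm -rf` hint is printed for them. It also mixes `[` and `[[` in one condition. I would compare a canonical form instead, e.g. `scan_real=$(readlink -f -- "$SCAN_DIR")` followed by `if [[ -n "$scan_real" && "$scan_real" != "/" ]]; then`, and print `$scan_real` in the hint. When the guard fails the bullet silently disappears; a short line saying the scan directory could not be determined would tell the operator why.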
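Review bot: The new warning `Warning: Invalid site path` does not say which site was skipped, and it runs after `count=$((count + 1))`, so a skipped site still consumes a number. Naming the source file, `echo -e "${YELLOW}Warning: Invalid site path for $wp_config${NC}" >&2`, makes the message actionable and keeps it out of stdout. `dirname` normally returns `.` rather than an empty string, so the `-z` test is effectively unreachable and only the `-d` test does any work; a comment saying so would avoid false confidence. The enclosing loop and how `count` is reported afterwards are outside the hunk.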
@@ -458,7 +464,7 @@ case "$choice" in fi # Add cron job with staggered timing - cron_cmd="cd $site_path && /usr/bin/php -q wp-cron.php >/dev/null 2>&1" + cron_cmd="cd \"$site_path\" && /usr/bin/php -q wp-cron.php >/dev/null 2>&1" if ! crontab -u "$target_user" -l 2>/dev/null | grep -q "$site_path.*wp-cron.php"; then cron_time=$(generate_staggered_cron) @@ -545,7 +551,7 @@ case "$choice" in fi # Add cron job with staggered timing - cron_cmd="cd $site_path && /usr/bin/php -q wp-cron.php >/dev/null 2>&1" + cron_cmd="cd \"$site_path\" && /usr/bin/php -q wp-cron.php >/dev/null 2>&1" if ! crontab -u "$user" -l 2>/dev/null | grep -q "$site_path.*wp-cron.php"; then cron_time=$(generate_staggered_cron)
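Review bot: Wrapping `$site_path` in escaped double quotes in `cron_cmd` fixes word splitting, but the line is later parsed by cron and its shell, where `$`, backticks and `"` inside a directory name are still interpreted and an unescaped `%` ends the command. The identical line is added in the hunk at -545, so both need the same treatment. Since the path comes from wherever a wp-config.php was found, I would reject unexpected characters before building the command, e.g. `[[ "$site_path" =~ ^[A-Za-z0-9_./-]+$ ]] || { echo "Skipping unsafe path: $site_path" >&2; continue; }` (assuming the -545 hunk is also inside a loop, which is not visible). Separately, the context line `grep -q "$site_path.*wp-cron.php"` treats the path as a regular expression and as a prefix, so an existing entry for `/home/u/site2` would hide a missing one for `/home/u/site` (constructed example).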