Fix WORDSPLIT issues in for loops (HIGH priority)

Converted unsafe 'for var in $list' loops to 'while read' loops to properly handle items with spaces in names. reference-db.sh (4 fixes): - Line 172: Database iteration (SHOW DATABASES) - Line 330: Server alias iteration (space-separated aliases) - Line 345: Domain iteration (get_user_domains) - Line 414: WordPress config file paths (find results) user-manager.sh (4 fixes): - Line 396: Domain iteration in cPanel log paths - Line 404: Domain iteration in Plesk log paths - Line 410: Domain iteration in InterWorx log paths - Line 632: User iteration (list_all_users) Pattern changes: - for item in $list → while IFS= read -r item - Added [ -z "$item" ] && continue for safety - Used echo "$list" | while or piped commands directly This prevents word splitting on spaces in database names, domain names, file paths, and usernames.
2026-01-02 17:34:56 -05:00
parent 5a2d51d496
commit bad5955d41
2 changed files with 23 additions and 16 deletions
@@ -394,7 +394,9 @@ get_user_log_files() {

    case "$SYS_CONTROL_PANEL" in
        cpanel)
-            for domain in $domains; do
+            # Iterate safely over domains (handles spaces in domain names)
+            echo "$domains" | while IFS= read -r domain; do
+                [ -z "$domain" ] && continue
                echo "${SYS_LOG_DIR}/${domain}"
                echo "${SYS_LOG_DIR}/${domain}-ssl_log"
            done
@@ -402,13 +404,17 @@ get_user_log_files() {
        plesk)
            echo "/var/www/vhosts/${username}/statistics/logs/access_log"
            echo "/var/www/vhosts/${username}/statistics/logs/error_log"
-            for domain in $domains; do
+            # Iterate safely over domains (handles spaces in domain names)
+            echo "$domains" | while IFS= read -r domain; do
+                [ -z "$domain" ] && continue
                echo "/var/www/vhosts/${domain}/statistics/logs/access_log"
                echo "/var/www/vhosts/${domain}/statistics/logs/error_log"
            done
            ;;
        interworx)
-            for domain in $domains; do
+            # Iterate safely over domains (handles spaces in domain names)
+            echo "$domains" | while IFS= read -r domain; do
+                [ -z "$domain" ] && continue
                echo "/home/${username}/var/${domain}/logs/access_log"
                echo "/home/${username}/var/${domain}/logs/error_log"
            done
@@ -628,9 +634,9 @@ get_database_owner() {
    # Database names are typically: username_dbname
    local prefix=$(echo "$db_name" | cut -d_ -f1)

-    # Check if this prefix matches a user
-    local users=$(list_all_users)
-    for user in $users; do
+    # Check if this prefix matches a user (iterate safely over usernames)
+    list_all_users | while IFS= read -r user; do
+        [ -z "$user" ] && continue
        if [ "$user" = "$prefix" ]; then
            echo "$user"
            return 0