CRITICAL FIXES: Apply essential improvements from beta branch to production

CRITICAL FIXES: 1. Add missing initialize_system_detection() call (launcher.sh) - System detection was never initialized before building reference database - This caused all SYS_* variables to be empty - Fixed blank system detection output issue reported on Alma 8 2. Fix all unsafe read statements (launcher.sh - 10+ occurrences) - Changed all 'read -r choice' to use /dev/tty with error handling - Prevents crashes when stdin is piped (curl | bash) - Prevents unexpected SSH session termination - Gracefully returns instead of exiting 3. Fix remaining read -p statements (launcher.sh) - Added </dev/tty and error suppression to startup and exit prompts - Prevents hangs when terminal not available SECURITY FIXES: 4. Fix SQL injection in database queries (reference-db.sh) - Escape database names with backticks: WHERE table_schema=`$db` - Prevents malicious database names from breaking SQL 5. Fix password exposure in process listings (reference-db.sh) - Use MYSQL_PWD environment variable instead of command line - Credentials no longer visible in ps aux output - Added cleanup with unset MYSQL_PWD 6. Fix race condition in temp directory creation (common-functions.sh) - Changed from mkdir -p to mktemp -d - Secure permissions (0700) and unpredictable naming - Prevents TOCTOU attacks All changes validated with bash -n syntax checks Production launcher now matches/exceeds beta stability
2026-03-19 20:50:28 -04:00
parent 5cca21aa0c
commit eabddb553d
3 changed files with 51 additions and 19 deletions
@@ -162,8 +162,8 @@ build_databases_section() {
    # Build MySQL command with credentials if needed
    local mysql_cmd="mysql"
    if [ "$SYS_CONTROL_PANEL" = "plesk" ] && [ -f /etc/psa/.psa.shadow ]; then
-        local plesk_mysql_pass=$(cat /etc/psa/.psa.shadow)
-        mysql_cmd="mysql -uadmin -p${plesk_mysql_pass}"
+        export MYSQL_PWD=$(cat /etc/psa/.psa.shadow)
+        mysql_cmd="mysql -uadmin"
    fi

    local total_dbs=$($mysql_cmd -Ns -e "SHOW DATABASES" 2>/dev/null | grep -v "^information_schema$\|^mysql$\|^performance_schema$\|^sys$" | wc -l)
@@ -180,7 +180,7 @@ build_databases_section() {

        local size_mb=$($mysql_cmd -Ns -e "SELECT ROUND(SUM(data_length + index_length) / 1024 / 1024, 2)
                                       FROM information_schema.TABLES
-                                       WHERE table_schema='$db'" 2>/dev/null)
+                                       WHERE table_schema=\`$db\`" 2>/dev/null)
        [ -z "$size_mb" ] && size_mb=0

        local table_count=$($mysql_cmd -Ns "$db" -e "SHOW TABLES" 2>/dev/null | wc -l)
@@ -190,6 +190,9 @@ build_databases_section() {

    finish_progress
    echo "" >> "$SYSREF_DB"
+
+    # Clean up password environment variable
+    unset MYSQL_PWD
 }

 # Check domain HTTP/HTTPS status codes