Watchdog: escape subject and body for webhooks

2025-02-03 13:22:17 +02:00 · 2024-03-01 23:07:05 +01:00 · 2024-03-01 23:07:05 +01:00 · 914a8204d4
commit 914a8204d4
parent d92ffe8fc7
1 changed files with 6 additions and 2 deletions
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@ -169,9 +169,13 @@ function notify_error() {
      return 1
    fi

+    # Escape subject and body (https://stackoverflow.com/a/2705678)
+    ESCAPED_SUBJECT=$(echo ${SUBJECT} | sed -e 's/[\/&]/\\&/g')
+    ESCAPED_BODY=$(echo ${BODY} | sed -e 's/[\/&]/\\&/g')
+
    # Replace subject and body placeholders
-    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g")
-    
+    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed -e "s/\$SUBJECT\|\${SUBJECT}/$ESCAPED_SUBJECT/g" -e "s/\$BODY\|\${BODY}/$ESCAPED_BODY/g")
+
    # POST to webhook
    curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK}