Use quotation marks in variable

Prevents possible remote code execution. Thx @blackwinter.
hbz · Aug 27, 2024 · 6befacb · 6befacb
1 parent ac779ce
commit 6befacb
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/scripts/generateRvkConcordance.sh b/scripts/generateRvkConcordance.sh
@@ -10,8 +10,8 @@ URL_ROOT="https://data.dnb.de/culturegraph/"
 TARGET_FNAME="/data/other/cg/aggregate.marcxml.gz"
 
 FNAME=$(curl $URL_ROOT | grep '<a href="aggregate_' | sed 's#.*\<a href="aggregate_\(.*\)".*#aggregate_\1#g')
-echo "Got filename: $FNAME"
-wget $URL_ROOT$FNAME -O $TARGET_FNAME
+echo Got filename: "$FNAME"
+wget "$URL_ROOT$FNAME" -O $TARGET_FNAME
 
 FNAME_SIZE=$(ls -s $TARGET_FNAME |cut -d ' ' -f1)
 if [ $FNAME_SIZE -gt 8654321 ]; then # 9593288 blocks was aggregate_20240507.marcxml.gz