From 160f2b8d530bf779c1d393cdf3ce781115f81647 Mon Sep 17 00:00:00 2001
From: tutacat <fhwbml@gmail.com>
Date: Sat, 31 Dec 2022 17:57:16 +0000
Subject: [PATCH 1/3] Fix unescaped optargs in websockify command

---
 utils/novnc_proxy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/novnc_proxy b/utils/novnc_proxy
index ea3ea706c..94eee4b02 100755
--- a/utils/novnc_proxy
+++ b/utils/novnc_proxy
@@ -193,7 +193,7 @@ fi
 
 echo "Starting webserver and WebSockets proxy on port ${PORT}"
 #${HERE}/websockify --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
-${WEBSOCKIFY} ${SYSLOG_ARG} ${SSLONLY} ${FILEONLY_ARG} --web ${WEB} ${CERT:+--cert ${CERT}} ${KEY:+--key ${KEY}} ${PORT} ${VNC_DEST} ${HEARTBEAT_ARG} ${IDLETIMEOUT_ARG} ${RECORD_ARG} ${TIMEOUT_ARG} ${WEBAUTH_ARG} ${AUTHPLUGIN_ARG} ${AUTHSOURCE_ARG} &
+${WEBSOCKIFY} ${SYSLOG_ARG} ${SSLONLY} ${FILEONLY_ARG} --web ${WEB} ${CERT:+--cert "${CERT}"} ${KEY:+--key "${KEY}"} ${PORT} ${VNC_DEST} ${HEARTBEAT_ARG} ${IDLETIMEOUT_ARG} ${RECORD_ARG} ${TIMEOUT_ARG} ${WEBAUTH_ARG} ${AUTHPLUGIN_ARG} ${AUTHSOURCE_ARG} &
 proxy_pid="$!"
 sleep 1
 if [ -z "$proxy_pid" ] || ! ps -eo pid= | grep -w "$proxy_pid" > /dev/null; then

From 15242283511c8791077834599e707a45b4dc474d Mon Sep 17 00:00:00 2001
From: tutacat <fhwbml@gmail.com>
Date: Sat, 31 Dec 2022 18:06:41 +0000
Subject: [PATCH 2/3] Escape other args

---
 utils/novnc_proxy | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/utils/novnc_proxy b/utils/novnc_proxy
index 94eee4b02..160f1d110 100755
--- a/utils/novnc_proxy
+++ b/utils/novnc_proxy
@@ -93,14 +93,14 @@ while [ "$*" ]; do
     --web)     WEB="${OPTARG}"; shift            ;;
     --ssl-only) SSLONLY="--ssl-only"             ;;
     --file-only) FILEONLY_ARG="--file-only"      ;;
-    --record) RECORD_ARG="--record ${OPTARG}"; shift ;;
-    --syslog) SYSLOG_ARG="--syslog ${OPTARG}"; shift ;;
+    --record) RECORD_ARG='--record "${OPTARG}"'; shift ;;
+    --syslog) SYSLOG_ARG='--syslog "${OPTARG}"'; shift ;;
     --heartbeat) HEARTBEAT_ARG="--heartbeat ${OPTARG}"; shift ;;
     --idle-timeout) IDLETIMEOUT_ARG="--idle-timeout ${OPTARG}"; shift ;;
     --timeout) TIMEOUT_ARG="--timeout ${OPTARG}"; shift ;;
     --web-auth) WEBAUTH_ARG="--web-auth"                ;;
-    --auth-plugin) AUTHPLUGIN_ARG="--auth-plugin ${OPTARG}"; shift ;;
-    --auth-source) AUTHSOURCE_ARG="--auth-source ${OPTARG}"; shift ;;
+    --auth-plugin) AUTHPLUGIN_ARG='--auth-plugin "${OPTARG}"'; shift ;;
+    --auth-source) AUTHSOURCE_ARG='--auth-source "${OPTARG}"'; shift ;;
     -h|--help) usage                              ;;
     -*) usage "Unknown chrooter option: ${param}" ;;
     *) break                                      ;;
@@ -192,8 +192,8 @@ else
 fi
 
 echo "Starting webserver and WebSockets proxy on port ${PORT}"
-#${HERE}/websockify --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
-${WEBSOCKIFY} ${SYSLOG_ARG} ${SSLONLY} ${FILEONLY_ARG} --web ${WEB} ${CERT:+--cert "${CERT}"} ${KEY:+--key "${KEY}"} ${PORT} ${VNC_DEST} ${HEARTBEAT_ARG} ${IDLETIMEOUT_ARG} ${RECORD_ARG} ${TIMEOUT_ARG} ${WEBAUTH_ARG} ${AUTHPLUGIN_ARG} ${AUTHSOURCE_ARG} &
+#${HERE}/websockify --web ${WEB:+"${WEB}"} ${CERT:+--cert "${CERT}"} ${PORT} ${VNC_DEST} &
+${WEBSOCKIFY} ${SYSLOG_ARG} ${SSLONLY} ${FILEONLY_ARG} --web="${WEB}" ${CERT:+--cert "${CERT}"} ${KEY:+--key "${KEY}"} ${PORT} ${VNC_DEST} ${HEARTBEAT_ARG} ${IDLETIMEOUT_ARG} ${RECORD_ARG} ${TIMEOUT_ARG} ${WEBAUTH_ARG} ${AUTHPLUGIN_ARG} ${AUTHSOURCE_ARG} &
 proxy_pid="$!"
 sleep 1
 if [ -z "$proxy_pid" ] || ! ps -eo pid= | grep -w "$proxy_pid" > /dev/null; then

From 31cecba0210525507167b2c466b0a1201af84e70 Mon Sep 17 00:00:00 2001
From: tutacat <fhwbml@gmail.com>
Date: Thu, 17 Aug 2023 01:25:30 +0100
Subject: [PATCH 3/3] Fix to use substitutions

---
 utils/novnc_proxy | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/novnc_proxy b/utils/novnc_proxy
index 160f1d110..ec727e994 100755
--- a/utils/novnc_proxy
+++ b/utils/novnc_proxy
@@ -93,14 +93,14 @@ while [ "$*" ]; do
     --web)     WEB="${OPTARG}"; shift            ;;
     --ssl-only) SSLONLY="--ssl-only"             ;;
     --file-only) FILEONLY_ARG="--file-only"      ;;
-    --record) RECORD_ARG='--record "${OPTARG}"'; shift ;;
-    --syslog) SYSLOG_ARG='--syslog "${OPTARG}"'; shift ;;
+    --record) RECORD_ARG="--record '${OPTARG}'"; shift ;;
+    --syslog) SYSLOG_ARG="--syslog '${OPTARG}'"; shift ;;
     --heartbeat) HEARTBEAT_ARG="--heartbeat ${OPTARG}"; shift ;;
     --idle-timeout) IDLETIMEOUT_ARG="--idle-timeout ${OPTARG}"; shift ;;
     --timeout) TIMEOUT_ARG="--timeout ${OPTARG}"; shift ;;
     --web-auth) WEBAUTH_ARG="--web-auth"                ;;
-    --auth-plugin) AUTHPLUGIN_ARG='--auth-plugin "${OPTARG}"'; shift ;;
-    --auth-source) AUTHSOURCE_ARG='--auth-source "${OPTARG}"'; shift ;;
+    --auth-plugin) AUTHPLUGIN_ARG="--auth-plugin '${OPTARG}'"; shift ;;
+    --auth-source) AUTHSOURCE_ARG="--auth-source '${OPTARG}'"; shift ;;
     -h|--help) usage                              ;;
     -*) usage "Unknown chrooter option: ${param}" ;;
     *) break                                      ;;