From 19c66c66280aef2890e6cad1f1fdd9983019e893 Mon Sep 17 00:00:00 2001
From: Stuart Rowlands <stuart.rowlands@quantcdn.io>
Date: Thu, 7 Dec 2023 11:05:52 -0800
Subject: [PATCH] Escape command in ExecuteContainerCommand.

---
 .../Livewire/Project/Shared/ExecuteContainerCommand.php    | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/Http/Livewire/Project/Shared/ExecuteContainerCommand.php b/app/Http/Livewire/Project/Shared/ExecuteContainerCommand.php
index 3c73a7f52..455926809 100644
--- a/app/Http/Livewire/Project/Shared/ExecuteContainerCommand.php
+++ b/app/Http/Livewire/Project/Shared/ExecuteContainerCommand.php
@@ -92,10 +92,13 @@ class ExecuteContainerCommand extends Component
     {
         $this->validate();
         try {
+            // Wrap command to prevent escaped execution in the host.
+            $cmd = 'sh -c "' . str_replace('"', '\"', $this->command)  . '"';
+
             if (!empty($this->workDir)) {
-                $exec = "docker exec -w {$this->workDir} {$this->container} {$this->command}";
+                $exec = "docker exec -w {$this->workDir} {$this->container} {$cmd}";
             } else {
-                $exec = "docker exec {$this->container} {$this->command}";
+                $exec = "docker exec {$this->container} {$cmd}";
             }
             $activity = remote_process([$exec], $this->server, ignore_errors: true);
             $this->emit('newMonitorActivity', $activity->id);