From f1ea49426bbebd29baf25e6d03f8c955a48a17b8 Mon Sep 17 00:00:00 2001
From: "Kay Marquardt (Gnadelwartz)"
Date: Thu, 18 Mar 2021 11:50:44 +0100
Subject: [PATCH] fix modules: jsshDB: fix removal of unwanted characters from untrusted input
---
 modules/jsonDB.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/jsonDB.sh b/modules/jsonDB.sh
index ecc73d2..3605386 100644
--- a/modules/jsonDB.sh
+++ b/modules/jsonDB.sh
@@ -5,7 +5,7 @@
 # This file is public domain in the USA and all free countries.
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
-#### $$VERSION$$ v1.51-dev-3-g85f7c07
+#### $$VERSION$$ v1.51-dev-4-ge60ada0
 #
 # source from commands.sh to use jsonDB functions
 #
@@ -355,10 +355,10 @@ function jssh_updateArray_async() {
 # read JSON.sh style data and asssign to an ARRAY
 # $1 ARRAY name, must be declared with "declare -A ARRAY" before calling
 Json2Array() {
- # match ["....."]\t and replace \t with = and print delete ` quote true false escape not escaped $
 # shellcheck disable=SC1091,SC1090
+ # step 1: output only basic pattern
 [ -z "$1" ] || source <( printf "$1"'=( %s )'\
- "$(sed -E -n -e '/\["[-0-9a-zA-Z_,."]+"\]\+*\t/ s/\t/=/p' -e 's/[`´]//g' -e 's/=(true|false)/="\1"/' -e 's/([^\]|^)\$/\1\\$/g')" )
+ "$(sed -E -n -e 's/[`´]//g' -e 's/\t(true|false)/\t"\1"/' -e 's/([^\]|^)\$/\1\\$/g' -e '/\["[-0-9a-zA-Z_,."]+"\]\+*\t/ s/\t/=/p')" )
 }
 # get Config Key from jssh file without jsshDB
 # output ARRAY as JSON.sh style data
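Review bot: The `$` escape on the new sed line of `Json2Array`, `s/([^\]|^)\$/\1\\$/g`, judges "already escaped" from the single preceding character and consumes that character in the match, so a `$` that directly follows another `$`, or follows an escaped backslash, is still passed to `source` unescaped inside the double-quoted value. Escaping every `$` that has an even number of backslashes in front of it, in a loop, closes that gap: `-e ':a' -e 's/(^|[^\\])((\\\\)*)\$/\1\2\\$/' -e 'ta'` (GNU sed syntax, not run here). The print address validates only the key and the tab, not the shape of the value, so the function still relies on its input really being JSON.sh output; a `while IFS=$'\t' read -r` loop that assigns into the array without `source` would remove the need for a denylist altogether. The new comment `# step 1: output only basic pattern` is also misleading, since the filter is now the last expression and no later step follows; something like `# sanitize first (strip backticks, quote true/false, escape $), then print only key<TAB>value lines as key=value` would describe the new order.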