From c216e560b31bc1867c9cc4fd10483268fee9671b Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sat, 1 Jun 2024 16:34:03 +0200
Subject: [PATCH] System: High Availability: Settings - escape shell arguments
 for consistency (https://github.com/opnsense/core/issues/7485)

---
 src/etc/inc/interfaces.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 1efe61b7d..ad598d351 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1281,14 +1281,14 @@ function interfaces_carp_setup()
 
     if (!empty($carp_sync_int) && isset($config['hasync']['pfsyncenabled'])) {
         if (!empty($config['hasync']['pfsyncpeerip']) && is_ipaddrv4($config['hasync']['pfsyncpeerip'])) {
-            $syncpeer = "syncpeer {$config['hasync']['pfsyncpeerip']}";
+            $syncpeer = "syncpeer " . escapeshellarg($config['hasync']['pfsyncpeerip']);
         } else {
             $syncpeer = "-syncpeer";
         }
 
         $version = '';
         if (!empty($config['hasync']['version'])) {
-            $version = 'version ' . $config['hasync']['version'];
+            $version = 'version ' . escapeshellarg($config['hasync']['version']);
         }
 
         $intf_stats = legacy_interfaces_details();
@@ -1296,7 +1296,7 @@ function interfaces_carp_setup()
         mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} {$syncpeer} {$version} up");
 
         if (!empty($intf_stats[$carp_sync_int]['mtu'])) {
-            mwexec("/sbin/ifconfig pfsync0 mtu {$intf_stats[$carp_sync_int]['mtu']}");
+            mwexec("/sbin/ifconfig pfsync0 mtu " . escapeshellarg($intf_stats[$carp_sync_int]['mtu']));
         }
     } else {
         mwexec('/sbin/ifconfig pfsync0 -syncdev -syncpeer down');