From a5f66c6e80be2c005950fd1b1c919efcab2a89ff Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 14 Jan 2025 09:13:52 -0700
Subject: [PATCH] =?UTF-8?q?template:=20do=20not=20escape=20&=20in=20?=
 =?UTF-8?q?=E2=80=9Ccmd=E2=80=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 usr/local/share/bastille/template.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index 3db0cad4..58f9891a 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -54,7 +54,7 @@ get_arg_name() {
 
 parse_arg_value() {
     # Parses the value after = and then escapes back/forward slashes and single quotes in it. -- cwells
-    echo "${1}" | sed -E 's/[^=]+=?//' | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/'\''/'\''\\'\'\''/g' -e 's/&/\\&/g'
+    echo "${1}" | sed -E 's/[^=]+=?//' | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/'\''/'\''\\'\'\''/g' -e 's/\\\&/\&/g'
 }
 
 get_arg_value() {
@@ -299,7 +299,7 @@ for _jail in ${JAILS}; do
                     ;;
                 cmd)
                     # Escape single-quotes in the command being executed. -- cwells
-                    _args=$(echo "${_args}" | sed "s/'/'\\\\''/g" | sed 's/&/\\&/g')
+                    _args=$(echo "${_args}" | sed "s/'/'\\\\''/g")
                     # Allow redirection within the jail. -- cwells
                     _args="sh -c '${_args}'"
                     ;;