fix: shell script quoting and argument injection hardening

Audit fixes for command injection risks in helper scripts: - moonarch-cpugov: eval for quoted COMMANDS expansion (pkexec context) - moonarch-btnote: while+read with process substitution, quoted vars - moonarch-vpn: -- guard before connection name in nmcli calls - post-install.sh: else-logging when USER_DEFAULTS dir missing
2026-03-31 11:06:14 +02:00
parent 491a3cd3e2
commit 1e19f08776
5 changed files with 19 additions and 8 deletions
@@ -89,6 +89,8 @@ if [[ -d "$USER_DEFAULTS" ]]; then
            fi
        done
    done
+else
+    err "USER_DEFAULTS not found: $USER_DEFAULTS — skipping user config defaults."
 fi

 # --- Zsh user config ---