front.rb in zold-0.29.20

- old
+ new

@@ -23,10 +23,11 @@
 STDOUT.sync = true
 
 require 'get_process_mem'
 require 'thin'
 require 'haml'
+require 'shellwords'
 require 'json'
 require 'sinatra/base'
 require 'concurrent'
 require 'backtrace'
 require 'zache'
@@ -588,10 +589,10 @@
       begin
         require_relative '../commands/remote'
         Remote.new(remotes: settings.remotes, log: settings.log).run(
           [
             'remote', 'add', score.host, score.port.to_s,
-            "--network=#{settings.opts['network']}", '--ignore-if-exists'
+            "--network=#{Shellwords.escape(settings.opts['network'])}", '--ignore-if-exists'
           ] + (settings.opts['ignore-score-weakness'] ? ['--skip-ping'] : [])
         )
       rescue StandardError => e
         error(400, e.message)
       end