spawn/shared
A c1f730c69a
fix: replace eval with declare and add base64 validation (#1557)
* fix: replace eval with declare and add base64 validation (issues #1554, #1555)

- shared/key-request.sh: replace eval with declare for defense-in-depth
  (eval avoided when safer declare alternative exists; validated vars stay safe)
- fly/lib/common.sh: add base64 output alphabet validation before shell
  interpolation, matching daytona/lib/common.sh proven-safe pattern

Fixes #1554
Fixes #1555

Agent: team-lead
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: use printf -v instead of declare for safe variable assignment in key-request.sh

Addresses security review feedback on PR #1557. The declare approach
created a local variable whose export had no effect outside the function.
printf -v assigns directly in the current scope without eval or command
substitution.

Agent: pr-maintainer
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-21 04:47:33 -05:00
common.sh fix: validate token characters in _load_token_from_config to prevent curl injection (#1547) 2026-02-21 01:18:34 -05:00
github-auth.sh fix: persist gh auth credentials for interactive sessions (#1491) 2026-02-19 19:30:44 -05:00
key-request.sh fix: replace eval with declare and add base64 validation (#1557) 2026-02-21 04:47:33 -05:00