From 3e422bc2bf0e59044e6c0b9502c9bf30cc1c9258 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:10:02 -0400 Subject: [PATCH 01/11] Adds shellcheck source comments This will allow someone to use shellcheck(1) to automatically check any referenced code using `shellcheck -x scripts/web-add.sh` --- scripts/web-add.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index b8813c9..b49b0d9 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -52,6 +52,7 @@ PHP_VERSIONS=() # Utiliser ce fichier pour redefinir la valeur des variables ci-dessus config_file="/etc/evolinux/web-add.conf" +# shellcheck source=/etc/evolinux/web-add.conf [ -r $config_file ] && . $config_file usage() { @@ -228,6 +229,7 @@ create_www_account() { ############################################################################ if [ -f $PRE_LOCAL_SCRIPT ]; then + # shellcheck source=/usr/share/scripts/evoadmin/web-add.pre-local.sh source $PRE_LOCAL_SCRIPT fi @@ -479,6 +481,7 @@ EOT ############################################################################ if [ -f $LOCAL_SCRIPT ]; then + # shellcheck source=/usr/share/scripts/evoadmin/web-add.local.sh source $LOCAL_SCRIPT fi From 866f20ef47af4f70fecdefb5438f9db880afe488 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:25:23 -0400 Subject: [PATCH 02/11] Adds double quoting to prevent shell globing modified: web-add.sh --- scripts/web-add.sh | 162 ++++++++++++++++++++++----------------------- 1 file changed, 81 insertions(+), 81 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index b49b0d9..e820956 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
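Review bot: The lines these comments annotate still source `$config_file`, `$PRE_LOCAL_SCRIPT` and `$LOCAL_SCRIPT` unquoted, so once `shellcheck -x` can follow the sources it will keep reporting SC2086 on them; `[ -r "$config_file" ] && . "$config_file"` (and likewise `source "$PRE_LOCAL_SCRIPT"`, `source "$LOCAL_SCRIPT"`) is the matching fix. Because each of the three files is executed in the script's own context, and the adduser/lxc-attach calls later in the file suggest that context is root, the `-r`/`-f` tests alone are a weak gate: they check neither ownership nor writability. A comment next to the config_file line, `# executed as shell code: keep root-owned and not group/world-writable`, would make that expectation explicit. All three hunks share this point.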
@@ -149,12 +149,12 @@ validate_login() { length=${#login} - if [ $length -lt 3 ]; then + if [ "$length" -lt 3 ]; then in_error "Le login doit contenir plus de 2 caracteres" return 1 fi - if [ $length -gt $MAX_LOGIN_CHAR ]; then + if [ "$length" -gt $MAX_LOGIN_CHAR ]; then in_error "Le login ne doit pas contenir plus de $MAX_LOGIN_CHAR caracteres" return 1 fi @@ -164,7 +164,7 @@ validate_passwd() { passwd=$1 length=${#passwd} - if [ $length -lt 6 ] && [ $length -gt 0 ]; then + if [ "$length" -lt 6 ] && [ "$length" -gt 0 ]; then in_error "Le mot de passe doit avoir au moins 6 caracteres" return 1 fi @@ -200,12 +200,12 @@ validate_phpversion() { } validate_quota() { - quota_soft=$(echo $1 |cut -f 1 -d:) - quota_hard=$(echo $1 |cut -f 2 -d:) + quota_soft=$(echo "$1" |cut -f 1 -d:) + quota_hard=$(echo "$1" |cut -f 2 -d:) if [ -z "$quota_soft" ] || [ -z "$quota_hard" ]; then in_error "Le quota soft et le quota hard doivent être spécifiés sous la forme :." return 1 - elif [ $quota_soft -gt $quota_hard ]; then + elif [ "$quota_soft" -gt "$quota_hard" ]; then in_error "Le quota hard doit être plus grand que le quota soft." return 1 fi 
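Review bot: validate_quota only checks that both fields are non-empty and compares them with `-gt`; a non-integer field makes `[` print an error and return 2, which the `elif` treats as false, so a value such as `a:b` passes validation (assuming the function ends by returning 0, which lies outside the hunk). The validated value later feeds `$(( … * 1024 * 1024 ))` in the quota block, so pin both fields to digits first, e.g. `[[ "$quota_soft" =~ ^[0-9]+$ && "$quota_hard" =~ ^[0-9]+$ ]] || { in_error "Les quotas doivent être des entiers."; return 1; }` — the file already uses `[[ … =~ … ]]` in validate_phpversion. In the validate_login hunk `$MAX_LOGIN_CHAR` is left unquoted and deserves the same treatment as `$length`.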
@@ -264,26 +264,26 @@ create_www_account() { [ -z "$in_sshkey" ] || [ -n "$HOME_DIR_USER" ] && mkdir "$HOME_DIR_USER/.ssh" && echo "$in_sshkey" > "$HOME_DIR_USER/.ssh/authorized_keys" \ && chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh/authorized_keys" && chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh" if [ "$WEB_SERVER" == "apache" ]; then - /usr/sbin/adduser --disabled-password --home $HOME_DIR_USER/www \ - --no-create-home --shell /bin/false --gecos "WWW $in_login" www-$in_login $OPT_WWWUID $OPT_WWWUID_ARG --ingroup $in_login --force-badname >/dev/null + /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www \ + --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" "$OPT_WWWUID" "$OPT_WWWUID_ARG" --ingroup "$in_login" --force-badname > /dev/null elif [ "$WEB_SERVER" == "nginx" ]; then # Adding user www-data to group $in_login. # And primary group www-data for $in_login. - adduser www-data $in_login - usermod -g www-data $in_login + adduser www-data "$in_login" + usermod -g www-data "$in_login" fi # Get uid/gid for newly created accounts - uid=$(id -u $in_login) - gid=$(id -g $in_login) - www_uid=$(id -u www-$in_login) + uid=$(id -u "$in_login") + gid=$(id -g "$in_login") + www_uid=$(id -u www-"$in_login") # Create users inside all containers - for php_version in ${PHP_VERSIONS[@]}; do - lxc-attach -n php${php_version} -- /usr/sbin/addgroup "$in_login" --gid $gid --force-badname >/dev/null - lxc-attach -n php${php_version} -- /usr/sbin/adduser --gecos "User $in_login" --disabled-password "$in_login" --shell /bin/bash --uid $uid --gid $gid --force-badname --home "$HOME_DIR_USER" >/dev/null - lxc-attach -n php${php_version} -- [ -z "$in_sshkey" ] && echo "$in_login:$in_passwd" | chpasswd --md5 - lxc-attach -n php${php_version} -- /usr/sbin/adduser --disabled-password --home $HOME_DIR_USER/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-$in_login --uid $www_uid --ingroup $in_login --force-badname >/dev/null + 
for php_version in "${PHP_VERSIONS[@]}"; do + lxc-attach -n php"${php_version}" -- /usr/sbin/addgroup "$in_login" --gid "$gid" --force-badname >/dev/null + lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --gecos "User $in_login" --disabled-password "$in_login" --shell /bin/bash --uid "$uid" --gid "$gid" --force-badname --home "$HOME_DIR_USER" >/dev/null + lxc-attach -n php"${php_version}" -- [ -z "$in_sshkey" ] && echo "$in_login:$in_passwd" | chpasswd --md5 + lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null done if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then 
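Review bot: In the container loop, `lxc-attach -n php"${php_version}" -- [ -z "$in_sshkey" ] && echo "$in_login:$in_passwd" | chpasswd --md5` runs only the `[ -z … ]` test inside the container; the `&& … | chpasswd` part is a separate host-side command, so the loop re-sets the host password once per PHP version and never sets it in the container (if that was the intent — the host account was already given the same password a few lines earlier). If the container password is wanted, pipe into the attached command: `[ -z "$in_sshkey" ] && echo "$in_login:$in_passwd" | lxc-attach -n php"${php_version}" -- chpasswd --md5`. Independently, `--md5` forces MD5-crypt hashes on host and containers; dropping the flag lets chpasswd use the system default hashing method, which on current Debian releases is a SHA-based crypt. create_www_account starts before and ends after this hunk.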
@@ -313,49 +313,49 @@ create_www_account() { ############################################################################ - chmod 750 $HOME_DIR_USER/ + chmod 750 "$HOME_DIR_USER"/ # Répertoires par défaut - mkdir -p $HOME_DIR_USER/{log,www,awstats} - chown $in_login:$in_login $HOME_DIR_USER/www - chgrp $in_login $HOME_DIR_USER/{log,awstats} - chmod 750 $HOME_DIR_USER/{log,www,awstats} + mkdir -p "$HOME_DIR_USER"/{log,www,awstats} + chown "$in_login":"$in_login" "$HOME_DIR_USER"/www + chgrp "$in_login" "$HOME_DIR_USER"/{log,awstats} + chmod 750 "$HOME_DIR_USER"/{log,www,awstats} # Ajout des logs par defaut - touch $HOME_DIR_USER/log/access.log - touch $HOME_DIR_USER/log/error.log - touch $HOME_DIR_USER/log/php.log - chgrp $in_login $HOME_DIR_USER/log/access.log - chgrp $in_login $HOME_DIR_USER/log/error.log + touch "$HOME_DIR_USER"/log/access.log + touch "$HOME_DIR_USER"/log/error.log + touch "$HOME_DIR_USER"/log/php.log + chgrp "$in_login" "$HOME_DIR_USER"/log/access.log + chgrp "$in_login" "$HOME_DIR_USER"/log/error.log if [ "$WEB_SERVER" == "apache" ]; then - chown www-$in_login:$in_login $HOME_DIR_USER/log/php.log + chown www-"$in_login":"$in_login" "$HOME_DIR_USER"/log/php.log fi # There is no php.log for nginx ATM, it will go in error.log. 
- chmod 640 $HOME_DIR_USER/log/access.log - chmod 640 $HOME_DIR_USER/log/error.log - chmod 640 $HOME_DIR_USER/log/php.log + chmod 640 "$HOME_DIR_USER"/log/access.log + chmod 640 "$HOME_DIR_USER"/log/error.log + chmod 640 "$HOME_DIR_USER"/log/php.log step_ok "Création du répertoire personnel" ############################################################################ if [ -n "$in_quota" ]; then - quota_soft=$(($(echo $in_quota |cut -f 1 -d:) * 1024 * 1024)) - quota_hard=$(($(echo $in_quota |cut -f 2 -d:) * 1024 * 1024)) - setquota --remote --user $in_login $quota_soft $quota_hard 0 0 /home + quota_soft=$(($(echo "$in_quota" |cut -f 1 -d:) * 1024 * 1024)) + quota_hard=$(($(echo "$in_quota" |cut -f 2 -d:) * 1024 * 1024)) + setquota --remote --user "$in_login" $quota_soft $quota_hard 0 0 /home fi ############################################################################ # Create FPM pool on all containers. - for php_version in ${PHP_VERSIONS[@]}; do + for php_version in "${PHP_VERSIONS[@]}"; do if [ "$php_version" = "70" ]; then pool_path="/etc/php/7.0/fpm/pool.d/" else pool_path="/etc/php5/fpm/pool.d/" fi phpfpm_socket_path="/home/${in_login}/php-fpm${php_version}.sock" - cat </var/lib/lxc/php${php_version}/rootfs/${pool_path}/${in_login}.conf + cat </var/lib/lxc/php"${php_version}"/rootfs/${pool_path}/"${in_login}".conf [${in_login}] user = ${in_login} group = ${in_login} @@ -381,7 +381,7 @@ EOT if [ ${#PHP_VERSIONS[@]} -gt 0 ]; then phpfpm_socket_path="/home/${in_login}/php-fpm${in_phpversion}.sock" - cat <>$vhostfile + cat <>"$vhostfile" @@ -390,7 +390,7 @@ EOT EOT else - cat <>$vhostfile + cat <>"$vhostfile" EOT fi @@ -401,7 +401,7 @@ EOT sed -i -e "s/^\(.*\)#\(ServerAlias\).*$/\1\2 $subweb/" $vhostfile fi - a2ensite $in_login >/dev/null + a2ensite "$in_login" >/dev/null step_ok "Configuration d'Apache" 
@@ -431,8 +431,8 @@ EOT > /etc/awstats/awstats.$in_login.conf chmod 644 /etc/awstats/awstats.$in_login.conf - VAR=`grep -v "^#" /etc/cron.d/awstats |tail -1 | cut -d " " -f1` - if [ "$VAR" = "" ] || [ $VAR -ge 59 ]; then + VAR=$(grep -v "^#" /etc/cron.d/awstats |tail -1 | cut -d " " -f1) + if [ "$VAR" = "" ] || [ "$VAR" -ge 59 ]; then VAR=1 else VAR=$(($VAR +1)) @@ -450,7 +450,7 @@ EOT echo "FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS my_cnf_file="$HOME_DIR_USER/.my.cnf" - cat >$my_cnf_file <<-EOT + cat > "$my_cnf_file" <<-EOT [client] user = $in_login password = "$in_dbpasswd" @@ -458,8 +458,8 @@ password = "$in_dbpasswd" [mysql] database = $in_dbname EOT - chown $in_login $my_cnf_file - chmod 600 $my_cnf_file + chown "$in_login" "$my_cnf_file" + chmod 600 "$my_cnf_file" step_ok "Création base de données et compte MySQL" fi @@ -492,7 +492,7 @@ EOT if [ "$WEB_SERVER" == "apache" ]; then apache2ctl configtest 2>/dev/null /etc/init.d/apache2 force-reload >/dev/null - for php_version in ${PHP_VERSIONS[@]}; do + for php_version in "${PHP_VERSIONS[@]}"; do if [ "$php_version" = "70" ]; then initscript_path="/etc/init.d/php7.0-fpm" binary="php-fpm7.0" @@ -500,8 +500,8 @@ EOT initscript_path="/etc/init.d/php5-fpm" binary="php5-fpm" fi - lxc-attach -n php${php_version} -- $binary --test >/dev/null - lxc-attach -n php${php_version} -- $initscript_path restart >/dev/null + lxc-attach -n php"${php_version}" -- $binary --test >/dev/null + lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null step_ok "Rechargement de php-fpm dans php${php_version}" done 
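Review bot: `cat > "$my_cnf_file" <<-EOT` in the second hunk writes `$in_dbpasswd` to a file created under the script's default umask, and the `chown`/`chmod 600` in the third hunk only run after the content is on disk, leaving a window in which the password is readable by other local users. Create the file with its final mode before writing it, e.g. `touch "$my_cnf_file" && chmod 600 "$my_cnf_file"` placed just before the `cat`, and keep the existing `chown` afterwards. The heredoc also wraps the password in double quotes (`password = "$in_dbpasswd"`), so a password containing `"` would presumably yield an unreadable .my.cnf — worth confirming against gen_random_passwd's alphabet, which is not visible here.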
@@ -511,8 +511,8 @@ EOT ############################################################################ if [ "$WEB_SERVER" == "nginx" ]; then - fpm_status=$(echo -n $in_login | md5sum | cut -d' ' -f1) - cat < /etc/munin/plugin-conf.d/phpfpm_${in_login}_ + fpm_status=$(echo -n "$in_login" | md5sum | cut -d' ' -f1) + cat < /etc/munin/plugin-conf.d/phpfpm_"${in_login}"_ [phpfpm_${in_login}_*] env.url http://munin:%d/fpm_status_$fpm_status @@ -522,7 +522,7 @@ env.phppool $in_login EOT for name in average connections memory processes status; do ln -s /usr/local/share/munin/plugins/phpfpm_${name} \ - /etc/munin/plugins/phpfpm_${in_login}_${name} + /etc/munin/plugins/phpfpm_"${in_login}"_${name} done cat <> /etc/nginx/evolinux.d/munin-plugins.conf @@ -536,7 +536,7 @@ location ~ ^/fpm_status_${fpm_status}$ { } EOT sed -i "s#SED_STATUS#/fpm_status_${fpm_status}#" \ - ${FPM_PATH}/${in_login}.conf + ${FPM_PATH}/"${in_login}".conf /etc/init.d/nginx reload /etc/init.d/${FPM_SERVICE_NAME} reload /etc/init.d/munin-node restart @@ -564,14 +564,14 @@ op_del() { read set -x - userdel $login + userdel "$login" if [ "$WEB_SERVER" == "apache" ]; then - userdel www-$login + userdel www-"$login" fi - groupdel $login - for php_version in ${PHP_VERSIONS[@]}; do - lxc-attach -n php${php_version} -- userdel -f $login - lxc-attach -n php${php_version} -- userdel -f www-$login + groupdel "$login" + for php_version in "${PHP_VERSIONS[@]}"; do + lxc-attach -n php"${php_version}" -- userdel -f "$login" + lxc-attach -n php"${php_version}" -- userdel -f www-"$login" done sed -i.bak "/^$login:/d" /etc/aliases if [ "$WEB_SERVER" == "apache" ]; then 
@@ -590,12 +590,12 @@ op_del() { fi if [ "$WEB_SERVER" == "apache" ]; then - a2dissite $login - rm /etc/apache2/sites-available/$login.conf - rm /etc/awstats/awstats.$login.conf + a2dissite "$login" + rm /etc/apache2/sites-available/"$login.conf" + rm /etc/awstats/awstats."$login.conf" sed -i.bak "/-config=$login /d" /etc/cron.d/awstats apache2ctl configtest - for php_version in ${PHP_VERSIONS[@]}; do + for php_version in "${PHP_VERSIONS[@]}"; do if [ "$php_version" = "70" ]; then phpfpm_dir="/etc/php5/fpm/pool.d/" initscript_path="/etc/init.d/php7.0-fpm" @@ -603,14 +603,14 @@ op_del() { phpfpm_dir="/etc/php/7.0/fpm/pool.d/" initscript_path="/etc/init.d/php5-fpm" fi - rm /var/lib/lxc/php${php_version}/rootfs/${phpfpm_dir}/${login}.conf - lxc-attach -n php${php_version} -- $initscript_path restart >/dev/null + rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf + lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null done elif [ "$WEB_SERVER" == "nginx" ]; then - rm /etc/nginx/sites-{available,enabled}/$login - rm /etc/awstats/awstats.$login.conf - rm /etc/munin/plugins/phpfpm_${in_login}* + rm /etc/nginx/sites-{available,enabled}/"$login" + rm /etc/awstats/awstats."$login.conf" + rm /etc/munin/plugins/phpfpm_"${in_login}"* sed -i.bak "/-config=$login/d" /etc/cron.d/awstats nginx -t fi @@ -634,7 +634,7 @@ op_setphpversion() { login="$1" phpversion="$2" - validate_phpversion $phpversion + validate_phpversion "$phpversion" sed -i "s#^\( \+SetHandler proxy:unix:/home/.*/php-fpm\)..\(\.sock\)#\1${phpversion}\2#" /etc/apache2/sites-available/${login}.conf sed -i "s#^\( \+> /var/log/evolix.log 
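Review bot: `rm /etc/munin/plugins/phpfpm_"${in_login}"*` in the nginx branch of op_del references `in_login`, while every other line in op_del uses `$login`; unless `in_login` is set somewhere in op_del outside these hunks, it expands to the empty string and the command removes every `phpfpm_*` plugin link on the host, not just this account's. The line should read `rm /etc/munin/plugins/phpfpm_"${login}"_*`. Both op_del hunks also build `rm` and `sed -i` targets from `$login` with no visible call to validate_login; adding `validate_login "$login" || exit 1` at the top of op_del (outside these hunks) would keep `/` and other path characters out of the paths being deleted.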
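Review bot: `validate_phpversion "$phpversion"` in the op_setphpversion hunk discards its return status, so the `sed -i` edits that follow rewrite the vhost with whatever version string was passed even when validation fails; change it to `validate_phpversion "$phpversion" || exit 1`. This matters more after the later "Use "$@"" patch, which loosens the match inside validate_phpversion. op_setphpversion continues past the end of the hunk.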
@@ -716,12 +716,12 @@ op_listvhost() { serveraliases=`echo $serveraliases | sed 's/ \+/,/g'` userid=`awk '/^[[:space:]]*AssignUserID.*/ { print $3 }' $configfile | head -n 1` if [ -x /usr/bin/quota ]; then - size=$(quota --no-wrap --human-readable $userid |grep /home |awk '{print $2}') - quota_soft=$(quota --no-wrap --human-readable $userid |grep /home |awk '{print $3}') - quota_hard=$(quota --no-wrap --human-readable $userid |grep /home |awk '{print $4}') + size=$(quota --no-wrap --human-readable "$userid" |grep /home |awk '{print $2}') + quota_soft=$(quota --no-wrap --human-readable "$userid" |grep /home |awk '{print $3}') + quota_hard=$(quota --no-wrap --human-readable "$userid" |grep /home |awk '{print $4}') fi - phpversion=$(perl -ne 'print $1 if (m!^\s+SetHandler proxy:unix:/home/.*/php-fpm(\d{2})\.sock!)' $configfile) - if [ -e /etc/apache2/sites-enabled/${userid}.conf ]; then + phpversion=$(perl -ne 'print $1 if (m!^\s+SetHandler proxy:unix:/home/.*/php-fpm(\d{2})\.sock!)' "$configfile") + if [ -e /etc/apache2/sites-enabled/"${userid}".conf ]; then is_enabled=1 else is_enabled=0 @@ -753,7 +753,7 @@ op_aliasdel() { vhost="${1}.conf" alias=$2 - [ -f $VHOST_PATH/$vhost ] && sed -i -e "/ServerAlias $alias/d" $VHOST_PATH/$vhost --follow-symlinks + [ -f $VHOST_PATH/"$vhost" ] && sed -i -e "/ServerAlias $alias/d" $VHOST_PATH/"$vhost" --follow-symlinks apache2ctl configtest 2>/dev/null /etc/init.d/apache2 force-reload >/dev/null @@ -921,8 +921,8 @@ op_add() { validate_wwwdomain $in_wwwdomain || exit 1 [ -z "$in_mail" ] && in_mail=$CONTACT_MAIL validate_mail $in_mail || exit 1 - [ -n "$in_phpversion" ] && (validate_phpversion $in_phpversion || exit 1) - [ -n "$in_quota" ] && (validate_quota $in_quota || exit 1) + [ -n "$in_phpversion" ] && (validate_phpversion "$in_phpversion" || exit 1) + [ -n "$in_quota" ] && (validate_quota "$in_quota" || exit 1) fi fi @@ -961,4 +961,4 @@ op_add() { } # Point d'entrée -arg_processing $* +arg_processing "$*" 
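Review bot: In the op_aliasdel hunk, `vhost="${1}.conf"` and `alias=$2` are taken straight from the arguments and then used as a path component (`$VHOST_PATH/"$vhost"`) and inside a sed address (`"/ServerAlias $alias/d"`); an argument containing `/`, `..` or sed metacharacters changes which file is edited or which lines are deleted. The op_aliasadd hunk in the later "Prefer explicit escaping" patch has the same shape, with `$alias` in a sed replacement. If these operations can be invoked with values that originate outside an interactive shell, run both arguments through the existing validators first, e.g. `validate_login "$1" || exit 1` and `validate_wwwdomain "$alias" || exit 1`, before the `[ -f … ] && sed -i …` line. `$VHOST_PATH` in the `-f` test is also still unquoted.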
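Review bot: The non-interactive validation lines in the op_add hunk wrap the check in a subshell, `(validate_phpversion "$in_phpversion" || exit 1)`, so `exit 1` terminates only the subshell and op_add carries on with an invalid PHP version or quota; the same pattern is reworked in the later "Use $(..)" patch's op_add hunk for the password, dbname and db-password checks. Use a brace group so the exit applies to the script: `[ -n "$in_phpversion" ] && { validate_phpversion "$in_phpversion" || exit 1; }`. Whether `set -e` would rescue this is not visible from the hunks; I would not rely on it.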
From 4aa03326393dd4cd76d29c5d0a2e129ac2e799b4 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:32:47 -0400 Subject: [PATCH 03/11] Use "$@" (with quotes) to prevent whitespace problems https://github.com/koalaman/shellcheck/wiki/SC2048 modified: web-add.sh --- scripts/web-add.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index e820956..d9017e9 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -193,7 +193,7 @@ validate_mail() { validate_phpversion() { php_version="$1" - if [[ ! " ${PHP_VERSIONS[@]} " =~ " ${php_version} " ]]; then + if [[ ! " ${PHP_VERSIONS[*]} " =~ ${php_version} ]]; then in_error "Version de PHP incorrecte." return 1 fi @@ -674,25 +674,25 @@ arg_processing() { case "$commandname" in add) - op_add $* + op_add "$@" ;; del) - op_del $* + op_del "$@" ;; list-vhost) - op_listvhost $* + op_listvhost "$@" ;; add-alias) - op_aliasadd $* + op_aliasadd "$@" ;; del-alias) - op_aliasdel $* + op_aliasdel "$@" ;; setphpversion) - op_setphpversion $* + op_setphpversion "$@" ;; setquota) - op_setquota $* + op_setquota "$@" ;; *) usage From 2861d90119bf0f43cfc17df2eeaf161612207b12 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:35:23 -0400 Subject: [PATCH 04/11] Fixes optional group creation The optional group creation flag in scripts/web-add.sh was never used. --- scripts/web-add.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index d9017e9..66aeeff 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
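Review bot: The rewritten test `[[ ! " ${PHP_VERSIONS[*]} " =~ ${php_version} ]]` changes the semantics of validate_phpversion: the right-hand side is now an unquoted regex with no surrounding spaces, so `7` matches inside ` 70 `, an empty string matches anything, and regex metacharacters in the argument (`.`, `.*`) are accepted as a valid version. The `[@]`→`[*]` part is the right SC2199 fix, but keep the quoted, space-padded literal so membership stays exact: `if [[ ! " ${PHP_VERSIONS[*]} " =~ " ${php_version} " ]]; then`. This value is later spliced into container names and sed expressions, so the exact match is what keeps those safe.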
@@ -259,7 +259,7 @@ create_www_account() { ############################################################################ - /usr/sbin/adduser --gecos "User $in_login" --disabled-password "$in_login" --shell /bin/bash $OPT_UID $OPT_UID_ARG --force-badname --home "$HOME_DIR_USER" >/dev/null + /usr/sbin/adduser --gecos "User $in_login" --disabled-password "$in_login" --shell /bin/bash "$OPT_UID" "$OPT_UID_ARG" "$OPT_GID" "$OPT_GID_ARG" --force-badname --home "$HOME_DIR_USER" >/dev/null [ -z "$in_sshkey" ] && echo "$in_login:$in_passwd" | chpasswd --md5 [ -z "$in_sshkey" ] || [ -n "$HOME_DIR_USER" ] && mkdir "$HOME_DIR_USER/.ssh" && echo "$in_sshkey" > "$HOME_DIR_USER/.ssh/authorized_keys" \ && chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh/authorized_keys" && chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh" From 5d2d8be5ada180be143496cad875db43b687ff0c Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:39:23 -0400 Subject: [PATCH 05/11] Prefer explicit escaping https://github.com/koalaman/shellcheck/wiki/SC1117 modified: scripts/web-add.sh --- scripts/web-add.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 66aeeff..701d044 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -287,7 +287,7 @@ create_www_account() { done if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then - if ! grep -qE "^AllowGroups(\s+\S+)*(\s+$SSH_GROUP)" /etc/ssh/sshd_config; then + if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config groupadd --force $SSH_GROUP fi @@ -384,7 +384,7 @@ EOT cat <>"$vhostfile" - + SetHandler proxy:unix:${phpfpm_socket_path}|fcgi://localhost/ 
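Review bot: `"$OPT_GID" "$OPT_GID_ARG"` (like the already-quoted `"$OPT_UID" "$OPT_UID_ARG"`) reaches adduser as two empty-string arguments whenever the corresponding `in_*` value is not given, because quoting stops the empty expansion from disappearing; adduser then sees `""` as a bogus option or username. The `${in_gid:+--gid "$in_gid"}` form, or an options array (`opts=(); [ -n "$in_gid" ] && opts+=(--gid "$in_gid")`, then `"${opts[@]}"`), expands to nothing when unset. The later `${var:+…}` patch in this series addresses exactly this; folding it into this commit would keep the series bisectable.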
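Review bot: The grep in the sshd_config hunk, `"^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)"`, has no boundary after `$SSH_GROUP`, so an existing group whose name merely starts with that value satisfies the check and the intended group is never appended. Anchor it: `"^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)(\\s|$)"`. Since the sed that follows edits /etc/ssh/sshd_config in place, a `sshd -t` before any reload (outside this hunk) would catch a malformed line before it locks out logins; `groupadd --force $SSH_GROUP` is also still unquoted.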
@@ -396,9 +396,9 @@ EOT fi # On active aussi example.com si domaine commence par "www." comme www.example - if echo $in_wwwdomain | grep '^www.' > /dev/null; then - subweb=`echo $in_wwwdomain | sed -e "s/www.//"` - sed -i -e "s/^\(.*\)#\(ServerAlias\).*$/\1\2 $subweb/" $vhostfile + if echo "$in_wwwdomain" | grep '^www.' > /dev/null; then + subweb="${in_wwwdomain#www.}" + sed -i -e "s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/" "$vhostfile" fi a2ensite "$in_login" >/dev/null @@ -636,8 +636,8 @@ op_setphpversion() { validate_phpversion "$phpversion" - sed -i "s#^\( \+SetHandler proxy:unix:/home/.*/php-fpm\)..\(\.sock\)#\1${phpversion}\2#" /etc/apache2/sites-available/${login}.conf - sed -i "s#^\( \+/dev/null DATE=$(date +"%Y-%m-%d") @@ -739,7 +739,7 @@ op_aliasadd() { vhost="${1}.conf" alias=$2 - [ -f $VHOST_PATH/$vhost ] && sed -i -e "s/\(ServerName .*\)/\1\n\tServerAlias $alias/" $VHOST_PATH/$vhost --follow-symlinks + [ -f $VHOST_PATH/"$vhost" ] && sed -i -e "s/\\(ServerName .*\\)/\\1\\n\\tServerAlias $alias/" "$VHOST_PATH"/"$vhost" --follow-symlinks apache2ctl configtest 2>/dev/null /etc/init.d/apache2 force-reload >/dev/null From f4fae90eb1bf70e96d9724a671bc22ba02f96d5f Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:43:26 -0400 Subject: [PATCH 06/11] Useless cat https://github.com/koalaman/shellcheck/wiki/SC2002 modified: scripts/web-add.sh --- scripts/web-add.sh | 53 +++++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 701d044..4fe2278 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
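Review bot: `subweb` is interpolated into the sed replacement `"s/^\\(.*\\)#\\(ServerAlias\\).*$/\\1\\2 $subweb/"`, so a domain containing `/`, `&` or `\` would alter the expression instead of landing in the vhost; this is only safe if validate_wwwdomain (not visible here) restricts the domain to hostname characters, which is worth confirming. The guard `grep '^www.'` still treats the dot as a wildcard while the new `${in_wwwdomain#www.}` strips the literal prefix, so `wwwx.example` enters the branch and receives a ServerAlias equal to its ServerName; `grep -q '^www\.'` makes the two agree and drops the `> /dev/null`.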
@@ -376,8 +376,7 @@ EOT random=$RANDOM if [ "$WEB_SERVER" == "apache" ]; then vhostfile="/etc/apache2/sites-available/${in_login}.conf" - cat $TPL_VHOST | \ - sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" >$vhostfile + sed -e "s/XXX/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/RANDOM/$random/ ; s#HOME_DIR#$HOME_DIR#" < $TPL_VHOST > "$vhostfile" if [ ${#PHP_VERSIONS[@]} -gt 0 ]; then phpfpm_socket_path="/home/${in_login}/php-fpm${in_phpversion}.sock" @@ -406,12 +405,12 @@ EOT step_ok "Configuration d'Apache" elif [ "$WEB_SERVER" == "nginx" ]; then - cat $TPL_VHOST | \ - sed -e " - s/DOMAIN/${in_wwwdomain}/g; - s/LOGIN/${in_login}/g;" > ${VHOST_PATH}/$in_login - ln -s /etc/nginx/sites-available/$in_login \ - /etc/nginx/sites-enabled/$in_login + sed -e \ + "s/DOMAIN/${in_wwwdomain}/g; s/LOGIN/${in_login}/g;" \ + < "$TPL_VHOST" \ + > ${VHOST_PATH}/"$in_login" + ln -s /etc/nginx/sites-available/"$in_login" \ + /etc/nginx/sites-enabled/"$in_login" /etc/init.d/nginx restart @@ -419,17 +418,16 @@ EOT ############################################################################ - cat $TPL_FPM | \ - sed -e "s/SED_LOGIN/${in_login}/g;" > ${FPM_PATH}/${in_login}.conf + sed -e "s/SED_LOGIN/${in_login}/g;" \ + < $TPL_FPM > ${FPM_PATH}/"${in_login}".conf step_ok "Creation du pool PHP-FPM" ############################################################################ fi - cat $TPL_AWSTATS | \ - sed -e "s/XXX/$in_login/ ; s/SERVERNAME/$in_wwwdomain/ ; s#HOME_DIR#$HOME_DIR#" \ - > /etc/awstats/awstats.$in_login.conf - chmod 644 /etc/awstats/awstats.$in_login.conf + sed -e "s/XXX/$in_login/ ; s/SERVERNAME/$in_wwwdomain/ ; s#HOME_DIR#$HOME_DIR#" \ + < $TPL_AWSTATS > /etc/awstats/awstats."$in_login".conf + chmod 644 /etc/awstats/awstats."$in_login".conf VAR=$(grep -v "^#" /etc/cron.d/awstats |tail -1 | cut -d " " -f1) if [ "$VAR" = "" ] || [ "$VAR" -ge 59 ]; then 
@@ -467,13 +465,28 @@ EOT ############################################################################ if [ "$in_dbname" ]; then - cat $TPL_MAIL | \ - sed -e "s/LOGIN/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/PASSE1/$in_passwd/ ; s/PASSE2/$in_dbpasswd/ ; s/RANDOM/$random/ ; s/QUOTA/$quota/ ; s/RCPTTO/$in_mail/ ; s/DBNAME/$in_dbname/ ; s#HOME_DIR#$HOME_DIR#"| \ - /usr/lib/sendmail -oi -t -f "$CONTACT_MAIL" + sed -e " + s/LOGIN/$in_login/g ; + s/SERVERNAME/$in_wwwdomain/ ; + s/PASSE1/$in_passwd/ ; + s/PASSE2/$in_dbpasswd/ ; + s/RANDOM/$random/ ; + s/QUOTA/$quota/ ; + s/RCPTTO/$in_mail/ ; + s/DBNAME/$in_dbname/ ; + s#HOME_DIR#$HOME_DIR#" \ + < $TPL_MAIL | /usr/lib/sendmail -oi -t -f "$CONTACT_MAIL" else - cat $TPL_MAIL | \ - sed -e "s/LOGIN/$in_login/g ; s/SERVERNAME/$in_wwwdomain/ ; s/PASSE1/$in_passwd/ ; s/RANDOM/$random/ ; s/QUOTA/$quota/ ; s/RCPTTO/$in_mail/ ; s#HOME_DIR#$HOME_DIR# ; 39,58d"| \ - /usr/lib/sendmail -oi -t -f "$CONTACT_MAIL" + sed -e " + s/LOGIN/$in_login/g ; + s/SERVERNAME/$in_wwwdomain/ ; + s/PASSE1/$in_passwd/ ; + s/RANDOM/$random/ ; + s/QUOTA/$quota/ ; + s/RCPTTO/$in_mail/ ; + s#HOME_DIR#$HOME_DIR# ; + 39,58d" \ + < $TPL_MAIL | /usr/lib/sendmail -oi -t -f "$CONTACT_MAIL" fi step_ok "Envoi du mail récapitulatif" From 05c9525d7ee6cd4cc4bfb66e0f6017f1715f2b47 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:46:16 -0400 Subject: [PATCH 07/11] $/${} is unnecessary on arithmetic variables https://github.com/koalaman/shellcheck/wiki/SC2004 modified: scripts/web-add.sh --- scripts/web-add.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 4fe2278..0b6f48a 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
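Review bot: The rewritten sed programs in the mail hunk still place `$in_passwd` and `$in_dbpasswd` (plus `$in_login`, `$in_wwwdomain`, `$in_mail`) inside `s///` expressions, so any `/`, `&` or `\` in a password breaks the substitution — or, for `&`, copies the pattern text into the mail — and the whole program, passwords included, sits on the sed command line where process listings can read it while it runs. Escaping the values before use, e.g. `esc_passwd=$(printf '%s' "$in_passwd" | sed 's/[\/&\\]/\\&/g')` and substituting `$esc_passwd`, fixes the first; feeding the script via `-f` from a process substitution rather than `-e` avoids the argv exposure. Whether gen_random_passwd can emit these characters is not visible here. The `< $TPL_MAIL` redirection is also left unquoted in both branches.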
@@ -433,7 +433,7 @@ EOT if [ "$VAR" = "" ] || [ "$VAR" -ge 59 ]; then VAR=1 else - VAR=$(($VAR +1)) + VAR=$((VAR +1)) fi echo "$VAR * * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.$in_login.conf -a -r $HOME_DIR_USER/log/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=$in_login -update >/dev/null" >> /etc/cron.d/awstats @@ -918,7 +918,7 @@ op_add() { esac done - shift $(($OPTIND - 1)) + shift $((OPTIND - 1)) if [ $# -ne 2 ]; then usage exit 1 From 97bad77040331fe14956be95a621fe96e5c1d52e Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:49:43 -0400 Subject: [PATCH 08/11] Add -r to read I'm less certain about the necessity of this, but if it doesnt cause problems, I dont see why not. https://github.com/koalaman/shellcheck/wiki/SC2162 modified: scripts/web-add.sh --- scripts/web-add.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 0b6f48a..9c75532 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -574,7 +574,7 @@ op_del() { fi echo "Deleting account $login. Continue ?" - read + read -r set -x userdel "$login" @@ -631,7 +631,7 @@ op_del() { if [ -n "$dbname" ]; then echo "Deleting mysql DATABASE $dbname and mysql user $login. Continue ?" - read + read -r set -x echo "DROP DATABASE $dbname; delete from mysql.user where user='$login' ; FLUSH PRIVILEGES;" | mysql $MYSQL_OPTS @@ -787,7 +787,7 @@ op_add() { until [ "$in_login" ]; do echo -n "Entrez le login du nouveau compte : " - read tmp + read -r tmp if validate_login "$tmp"; then in_login="$tmp" fi @@ -795,7 +795,7 @@ op_add() { until [ "$in_passwd" ]; do echo -n "Entrez le mot de passe FTP/SFTP/SSH (ou vide pour aleatoire) : " - read -s tmp + read -rs tmp echo if [ -z "$tmp" ]; then 
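Review bot: `read -r` in the two op_del hunks reads the answer to "Continue ?" into REPLY and then ignores it: `set -x` and `userdel "$login"` (and, in the second hunk, the `DROP DATABASE` statement) run whatever was typed, so the prompt protects nothing. Mirror the confirmation used in op_add: `read -r confirm` followed by `[ "$confirm" = "y" ] || [ "$confirm" = "Y" ] || exit 1`. The mysql line in the second hunk also interpolates `$dbname` and `$login` straight into SQL, and op_del has no visible validate_login/validate_dbname call, so that is worth adding outside these hunks.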
@@ -808,12 +808,12 @@ op_add() { done echo -n "Voulez-vous aussi un compte/base MySQL ? [Y|n] " - read confirm + read -r confirm if [ "$confirm" != "n" ] && [ "$confirm" != "N" ]; then until [ "$in_dbname" ]; do echo -n "Entrez le nom de la base de donnees ($in_login par defaut) : " - read tmp + read -r tmp if [ -z "$tmp" ]; then tmp=$in_login @@ -826,7 +826,7 @@ op_add() { until [ "$in_dbpasswd" ]; do echo -n "Entrez le mot de passe MySQL (ou vide pour aleatoire) : " - read -s tmp + read -rs tmp echo if [ -z "$tmp" ]; then @@ -841,7 +841,7 @@ op_add() { until [ "$in_wwwdomain" ]; do echo -n "Entrez le nom de domaine web (ex: foo.example.com) : " - read tmp + read -r tmp if validate_wwwdomain "$tmp"; then in_wwwdomain="$tmp" fi @@ -849,8 +849,8 @@ op_add() { if [ ${#PHP_VERSIONS[@]} -gt 0 ]; then until [ "$in_phpversion" ]; do - echo -n "Entrez la version de PHP désirée parmis ${PHP_VERSIONS[@]} : " - read tmp + echo -n "Entrez la version de PHP désirée parmis ${PHP_VERSIONS[*]} : " + read -r tmp if validate_phpversion "$tmp"; then in_phpversion="$tmp" fi @@ -859,7 +859,7 @@ op_add() { until [ "$in_mail" ]; do echo -n "Entrez votre adresse mail pour recevoir le mail de creation ($CONTACT_MAIL par défaut) : " - read tmp + read -r tmp if [ -z "$tmp" ]; then tmp="$CONTACT_MAIL" fi @@ -958,7 +958,7 @@ op_add() { if [ -z "$force_confirm" ]; then echo -n "Confirmer la création ? [y/N] : " - read tmp + read -r tmp echo if [ "$tmp" != "y" ] && [ "$tmp" != "Y" ]; then echo "Annulation..." From e596e3d520f6e1a7b5d0e6b7fe20e9e839c7d307 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 16 Oct 2018 14:51:50 -0400 Subject: [PATCH 09/11] Use $(..) instead of legacy `..` https://github.com/koalaman/shellcheck/wiki/SC2006 modified: scripts/web-add.sh --- scripts/web-add.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index 9c75532..ea64777 100755 --- a/scripts/web-add.sh 
+++ b/scripts/web-add.sh @@ -597,7 +597,7 @@ op_del() { fi if [ -d "$HOME_DIR/$login" ]; then - mv -i $HOME_DIR/$login $HOME_DIR/$login.`date '+%Y%m%d-%H%M%S'`.bak + mv -i $HOME_DIR/"$login" $HOME_DIR/"$login"."$(date '+%Y%m%d-%H%M%S')".bak else echo "warning : $HOME_DIR/$login does not exist" fi @@ -723,11 +723,11 @@ op_listvhost() { for configfile in $configlist; do - if [ -r "$configfile" ] && echo "$configfile" |grep -qvE "/(000-default|default-ssl)\.conf$"; then - servername=`awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' $configfile | head -n 1` - serveraliases=`perl -ne 'print "$1 " if /^[[:space:]]*ServerAlias (.*)/' $configfile | head -n 1` - serveraliases=`echo $serveraliases | sed 's/ \+/,/g'` - userid=`awk '/^[[:space:]]*AssignUserID.*/ { print $3 }' $configfile | head -n 1` + if [ -r "$configfile" ] && echo "$configfile" |grep -qvE "/(000-default|default-ssl)\\.conf$"; then + servername="$(awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' "$configfile" | head -n 1)" + serveraliases="$(perl -ne 'print "$1 " if /^[[:space:]]*ServerAlias (.*)/' "$configfile" | head -n 1)" + serveraliases="${serveraliases// \+/,}" + userid="$(awk '/^[[:space:]]*AssignUserID.*/ { print $3 }' "$configfile" | head -n 1)" if [ -x /usr/bin/quota ]; then size=$(quota --no-wrap --human-readable "$userid" |grep /home |awk '{print $2}') quota_soft=$(quota --no-wrap --human-readable "$userid" |grep /home |awk '{print $3}') @@ -740,7 +740,7 @@ op_listvhost() { is_enabled=0 fi if [ "$servername" ] && [ "$userid" ]; then - configid=`basename $configfile` + configid=$(basename "$configfile") echo "$userid:$configid:$servername:$serveraliases:$size:$quota_soft:$quota_hard:$phpversion:$is_enabled" fi fi @@ -799,7 +799,7 @@ op_add() { echo if [ -z "$tmp" ]; then - tmp=`gen_random_passwd` + tmp=$(gen_random_passwd) fi if validate_passwd "$tmp"; then 
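Review bot: `serveraliases="${serveraliases// \+/,}"` is not equivalent to the `sed 's/ \+/,/g'` it replaces: in a bash pattern `\+` is a literal `+`, so only the two-character sequence space-plus is replaced and the alias list is no longer comma-separated in op_listvhost's colon-delimited output. Keep the sed, `serveraliases=$(printf '%s' "$serveraliases" | sed 's/ \+/,/g')`, or with extglob enabled use `serveraliases="${serveraliases//+( )/,}"`. Note that the old unquoted `echo $serveraliases` also collapsed whitespace runs and dropped the trailing space left by the perl `print "$1 "`, so whichever form is chosen should trim that trailing space to keep the output identical. op_listvhost's loop starts before the hunk.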
@@ -830,7 +830,7 @@ op_add() { echo if [ -z "$tmp" ]; then - tmp=`gen_random_passwd` + tmp=$(gen_random_passwd) fi if validate_passwd "$tmp"; then @@ -925,13 +925,13 @@ op_add() { else in_login=$1 in_wwwdomain=$2 - validate_login $in_login || exit 1 - [ -z "$in_passwd" ] && [ -z "$in_sshkey" ] && in_passwd=`gen_random_passwd` - [ -z "$in_sshkey" ] && ( validate_passwd $in_passwd || exit 1 ) - [ -n "$in_dbname" ] && ( validate_dbname $in_dbname || exit 1 ) - [ -z "$in_dbpasswd" ] && [ -n "$in_dbname" ] && in_dbpasswd=`gen_random_passwd` - [ -n "$in_dbname" ] && ( validate_passwd $in_dbpasswd || exit 1 ) - validate_wwwdomain $in_wwwdomain || exit 1 + validate_login "$in_login" || exit 1 + [ -z "$in_passwd" ] && [ -z "$in_sshkey" ] && in_passwd=$(gen_random_passwd) + [ -z "$in_sshkey" ] && ( validate_passwd "$in_passwd" || exit 1 ) + [ -n "$in_dbname" ] && ( validate_dbname "$in_dbname" || exit 1 ) + [ -z "$in_dbpasswd" ] && [ -n "$in_dbname" ] && in_dbpasswd=$(gen_random_passwd) + [ -n "$in_dbname" ] && ( validate_passwd "$in_dbpasswd" || exit 1 ) + validate_wwwdomain "$in_wwwdomain" || exit 1 [ -z "$in_mail" ] && in_mail=$CONTACT_MAIL validate_mail $in_mail || exit 1 [ -n "$in_phpversion" ] && (validate_phpversion "$in_phpversion" || exit 1) From 540b7f7278740289b6adddad8ac7e338501f7bab Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Wed, 17 Oct 2018 15:03:15 -0400 Subject: [PATCH 10/11] Use ${var:+...} instead of [-n ] and "$@" instead of "$*" Fixes issue uncovered by proper use of double quotes --- scripts/web-add.sh | 49 ++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 17 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index ea64777..bc657f1 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh 
@@ -248,24 +248,39 @@ create_www_account() { return 1 fi - ############################################################################ + # Force UID and GID if specified + /usr/sbin/adduser \ + --gecos "User $in_login" \ + --disabled-password \ + "$in_login" \ + --shell /bin/bash \ + ${in_uid:+'--uid' "$in_uid"} \ + ${in_gid:+'--gid' "$in_gid"} \ + --force-badname \ + --home "$HOME_DIR_USER" >/dev/null + + [ -z "$in_sshkey" ] \ + && echo "$in_login:$in_passwd" | chpasswd --md5 + + [ -z "$in_sshkey" ] \ + || [ -n "$HOME_DIR_USER" ] \ + && mkdir "$HOME_DIR_USER/.ssh" \ + && echo "$in_sshkey" > "$HOME_DIR_USER/.ssh/authorized_keys" \ + && chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh/authorized_keys" \ + && chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh" - # Force UID GID if specified - - [ -n "$in_uid" ] && OPT_UID="--uid" && OPT_UID_ARG="$in_uid" - [ -n "$in_gid" ] && OPT_GID="--gid" && OPT_GID_ARG="$in_gid" - [ -n "$in_wwwuid" ] && OPT_WWWUID="--uid" && OPT_WWWUID_ARG="$in_wwwuid" - - ############################################################################ - - - /usr/sbin/adduser --gecos "User $in_login" --disabled-password "$in_login" --shell /bin/bash "$OPT_UID" "$OPT_UID_ARG" "$OPT_GID" "$OPT_GID_ARG" --force-badname --home "$HOME_DIR_USER" >/dev/null - [ -z "$in_sshkey" ] && echo "$in_login:$in_passwd" | chpasswd --md5 - [ -z "$in_sshkey" ] || [ -n "$HOME_DIR_USER" ] && mkdir "$HOME_DIR_USER/.ssh" && echo "$in_sshkey" > "$HOME_DIR_USER/.ssh/authorized_keys" \ - && chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh/authorized_keys" && chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh" if [ "$WEB_SERVER" == "apache" ]; then - /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www \ - --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" "$OPT_WWWUID" "$OPT_WWWUID_ARG" --ingroup "$in_login" --force-badname > /dev/null + # Force UID if specified + /usr/sbin/adduser \ + --gecos "WWW $in_login" \ + --disabled-password \ + 
www-"$in_login" \ + --shell /bin/false \ + ${in_wwwuid:+'--uid' "$in_wwwuid"} \ + --ingroup "$in_login" \ + --force-badname \ + --home "$HOME_DIR_USER"/www \ + --no-create-home > /dev/null elif [ "$WEB_SERVER" == "nginx" ]; then # Adding user www-data to group $in_login. # And primary group www-data for $in_login. @@ -974,4 +989,4 @@ op_add() { } # Point d'entrée -arg_processing "$*" +arg_processing "$@" From 08ef18bc2d2fce6ad40ccbaf029c3246761c46a6 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Wed, 17 Oct 2018 15:03:15 -0400 Subject: [PATCH 11/11] Use ${var:+...} instead of [-n ] and "$@" instead of "$*" Fixes issue uncovered by proper use of double quotes. --- scripts/web-add.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/web-add.sh b/scripts/web-add.sh index bc657f1..10444a3 100755 --- a/scripts/web-add.sh +++ b/scripts/web-add.sh @@ -248,7 +248,7 @@ create_www_account() { return 1 fi - # Force UID and GID if specified + # Create user and force UID / GID if specified /usr/sbin/adduser \ --gecos "User $in_login" \ --disabled-password \ @@ -269,8 +269,8 @@ create_www_account() { && chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh/authorized_keys" \ && chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh" - if [ "$WEB_SERVER" == "apache" ]; then - # Force UID if specified + if [ "$WEB_SERVER" == "apache" ]; then + # Create www user and force UID if specified /usr/sbin/adduser \ --gecos "WWW $in_login" \ --disabled-password \
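Review bot: The reformatted ssh-key block keeps the precedence problem of the original one-liner: `a || b && c…` parses as `(a || b) && c…`, so when `in_sshkey` is empty `[ -z "$in_sshkey" ]` is true and the chain continues into `mkdir "$HOME_DIR_USER/.ssh"` and writes an empty authorized_keys (and, with an empty `HOME_DIR_USER`, would touch `/.ssh`), even though the password was already set by the line above. An `if`/`elif` makes the two cases explicit; the rewrite is below. `${in_uid:+'--uid' "$in_uid"}` relies on the unquoted expansion being word-split, which ShellCheck reports as SC2086 — an options array (`opts+=(--uid "$in_uid")`, then `"${opts[@]}"`) expresses the same thing without the warning. create_www_account starts before the hunk.
```shell
    # … unchanged: adduser call for "$in_login" …
    if [ -z "$in_sshkey" ]; then
        echo "$in_login:$in_passwd" | chpasswd --md5
    elif [ -n "$HOME_DIR_USER" ]; then
        mkdir "$HOME_DIR_USER/.ssh" \
            && echo "$in_sshkey" > "$HOME_DIR_USER/.ssh/authorized_keys" \
            && chmod -R u=rwX,g=,o= "$HOME_DIR_USER/.ssh/authorized_keys" \
            && chown -R "$in_login":"$in_login" "$HOME_DIR_USER/.ssh"
    fi
    # … unchanged: WEB_SERVER branch …
```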