commit b0639dc6bb3d6f9f51f9e4688c7588bafaca2aac
from: Omar Polo <op@omarpolo.com>
date: Tue May 16 20:32:09 2023 UTC

pwg: guard against possible flag-injections

commit - 50705614759a8daead0fad31999ee592be999b83
commit + b0639dc6bb3d6f9f51f9e4688c7588bafaca2aac
blob - 29806069079dc13d6a4767589edbbd62b2e6b499
blob + fea1b875ed455c79d06ba72ddc12fdda497cb882
--- pwg
+++ pwg
@@ -39,8 +39,8 @@ shift $(($OPTIND - 1))
 [ $# -eq 1 ] && len="$1"
 
 if [ -n "$wordlist" ]; then
-	passphrase=$(sort -R "$wordlist" | head -n "$len")
-	[ -n "$passphrase" ] && echo $passphrase
+	passphrase=$(sort -R -- "$wordlist" | head -n "$len")
+	[ -n "$passphrase" ] && printf '%s\n' "$passphrase"
 else
 	export LC_ALL=C
 	tr -cd "$chars" </dev/urandom | dd bs=1 count="$len" 2>/dev/null && \