git.ipfire.org Git - thirdparty/systemd.git/commit
ask-password: reject control chars and quotes in query description
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 2 Feb 2026 13:57:12 +0000 (14:57 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 2 Feb 2026 14:16:23 +0000 (15:16 +0100)
commit f01c99c67ede1f3df92993b91b8176cebb5e656a
tree 92c9225c3a0d762521a4f6ff108e61d362a8805f
parent 7e6003b9bc1e0ce48353c72f0d1fb881eb81784e
ask-password: reject control chars and quotes in query description

As reported in https://yeswehack.com/vulnerability-center/reports/705270,
YesWeHack issue #YWH-PGM9780-66, if a newline is injected into the message
field, it is passed through unmolested and lands in the .ini file. This
obviously would cause the parser to be confused.

Let's forbid any control characters or quotes in those fields. If we want
something more complicated in the future, we can add a custom validation
function and allow some escaping mechanism.
src/ask-password/ask-password.c
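
The kind of check the commit message describes, as an added C sketch that is not the code from this commit or from systemd: it writes a description into an ini-style file with and without validation and counts what a line-based reader then sees. The helper names, the simplified `[Ask]`/`Message=` layout and the `Injected=` key are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not systemd's: true if s has no control characters
 * and no quotes, so it can be written as a single-line value. */
static bool description_is_safe(const char *s) {
    for (const unsigned char *p = (const unsigned char *) s; *p; p++)
        if (*p < 0x20 || *p == 0x7f || *p == '"' || *p == '\'')
            return false;
    return true;
}

/* Formats a simplified query file into buf. Returns -1 if validation is
 * requested and msg is rejected, or if the output does not fit. */
static int write_query(char *buf, size_t n, const char *msg, bool validate) {
    if (validate && !description_is_safe(msg))
        return -1;
    int r = snprintf(buf, n, "[Ask]\nMessage=%s\n", msg);
    return (r < 0 || (size_t) r >= n) ? -1 : 0;
}

/* Minimal line-based reader: counts lines that start with "<key>=". */
static int count_key(const char *ini, const char *key) {
    size_t kl = strlen(key);
    int count = 0;
    for (const char *line = ini; line && *line; ) {
        if (strncmp(line, key, kl) == 0 && line[kl] == '=')
            count++;
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : NULL;
    }
    return count;
}

int main(void) {
    char buf[256];
    /* Constructed input: a description with an embedded newline. */
    const char *msg = "Enter passphrase\nInjected=yes";

    if (write_query(buf, sizeof buf, msg, false) == 0)
        printf("unvalidated: Injected= lines seen by reader: %d\n",
               count_key(buf, "Injected"));
    printf("validated: write %s\n",
           write_query(buf, sizeof buf, msg, true) < 0 ? "rejected" : "accepted");
    return 0;
}
```

Bytes at or above 0x80 are accepted, so UTF-8 descriptions still pass the check.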