From 931dbd1dceebd7dfc80868fd0629632f05db7e0c Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Thu, 2 May 2024 11:04:32 +0200
Subject: [PATCH] autodist: fix authenticating social log sent messages by
 encoding secret

---
 autodist | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/autodist b/autodist
index 767c757..1d0cff6 100755
--- a/autodist
+++ b/autodist
@@ -863,10 +863,12 @@ function launch_pkgs_loop() {
                      [ "$WEBBUILD_URL" -a "$WEBBUILD_USER" ] && {
                         SPEC_VERSION=`grep -m1 "^Version:" $spec_dir/$pkg.spec | sed "s|Version:[[:space:]]*||"`
                         if [ "$WEBBUILD_USER_CMDLINE" ]; then
-                           curl -s "$WEBBUILD_URL?REQUEST=message&USER=$WEBBUILD_USER&SECRET=$WEBBUILD_SECRET&USER_EMAIL=$WEBBUILD_EMAIL&\
+                           curl -s "$WEBBUILD_URL?REQUEST=message&USER=$WEBBUILD_USER&\
+SECRET=`cgi_encodevar ${WEBBUILD_SECRET}`&USER_EMAIL=$WEBBUILD_EMAIL&\
 MESSAGE=`cgi_encodevar \"(invoked by $WEBBUILD_USER_CMDLINE) sent <b>$pkg $SPEC_VERSION-$SPEC_RELEASE</b> for ${TARGETARCH} to <b>$SEND_SERVER</b>\"`" >/dev/null
                         else
-                           curl -s "$WEBBUILD_URL?REQUEST=message&USER=$WEBBUILD_USER&SECRET=$WEBBUILD_SECRET&USER_EMAIL=$WEBBUILD_EMAIL&\
+                           curl -s "$WEBBUILD_URL?REQUEST=message&USER=$WEBBUILD_USER&\
+SECRET=`cgi_encodevar ${WEBBUILD_SECRET}`&USER_EMAIL=$WEBBUILD_EMAIL&\
 MESSAGE=`cgi_encodevar \"sent <b>$pkg $SPEC_VERSION-$SPEC_RELEASE</b> for ${TARGETARCH} to <b>$SEND_SERVER</b>\"`" >/dev/null
                         fi
                      }