Merge remote-tracking branch 'upstream/master'

.travis.yml

@@ -1,11 +1,24 @@
-language: bash
+language: shell
 
 env:
   global:
     - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64
 
+addons:
+  apt:
+    sources:
+    - debian-sid    # Grab shellcheck from the Debian repo (o_O)
+    packages:
+    - shellcheck
+
 script:
   - curl -sSL $SHFMT_URL -o ~/shfmt
   - chmod +x ~/shfmt
-  - ~/shfmt -l -w -i 2 .
+  - shellcheck -V
-  - git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false)
+  - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK"
+  - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false)
+
+matrix:
+  fast_finish: true
+  
+  

README.md

@@ -1,4 +1,4 @@
-# An ACME Shell script: acme.sh
+# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)
 - An ACME protocol client written purely in Shell (Unix shell) language.
 - Fully ACME protocol implementation.
 - Simple, powerful and very easy to use. You only need 3 minutes to learn.

acme.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-VER=2.6.4
+VER=2.6.5
 
 PROJECT_NAME="acme.sh"
 
@@ -16,7 +16,7 @@ _SUB_FOLDERS="dnsapi deploy"
 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
 DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
 
-DEFAULT_USER_AGENT="$PROJECT_ENTRY client v$VER : $PROJECT"
+DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
 DEFAULT_ACCOUNT_EMAIL=""
 
 DEFAULT_ACCOUNT_KEY_LENGTH=2048
@@ -27,7 +27,7 @@ STAGE_CA="https://acme-staging.api.letsencrypt.org"
 VTYPE_HTTP="http-01"
 VTYPE_DNS="dns-01"
 VTYPE_TLS="tls-sni-01"
-VTYPE_TLS2="tls-sni-02"
+#VTYPE_TLS2="tls-sni-02"
 
 LOCAL_ANY_ADDRESS="0.0.0.0"
 
@@ -247,10 +247,10 @@ _exists() {
     _usage "Usage: _exists cmd"
     return 1
   fi
-  if type command >/dev/null 2>&1; then
+  if command >/dev/null 2>&1; then
     command -v "$cmd" >/dev/null 2>&1
-  else
+  elif which >/dev/null 2>&1; then
-    type "$cmd" >/dev/null 2>&1
+    which "$cmd" >/dev/null 2>&1
   fi
   ret="$?"
   _debug3 "$cmd exists=$ret"
@@ -259,7 +259,8 @@ _exists() {
 
 #a + b
 _math() {
-  expr "$@"
+  _m_opts="$@"
+  printf "%s" "$(($_m_opts))"
 }
 
 _h_char_2_dec() {
@@ -299,10 +300,7 @@ _h2b() {
   hex=$(cat)
   i=1
   j=2
-  if _exists let; then
+
-    uselet="1"
-  fi
-  _debug3 uselet "$uselet"
   _debug3 _URGLY_PRINTF "$_URGLY_PRINTF"
   while true; do
     if [ -z "$_URGLY_PRINTF" ]; then
@@ -310,7 +308,7 @@ _h2b() {
       if [ -z "$h" ]; then
         break
       fi
-      printf "\x$h"
+      printf "\x$h%s"
     else
       ic="$(printf "%s" "$hex" | cut -c $i)"
       jc="$(printf "%s" "$hex" | cut -c $j)"
@@ -319,15 +317,12 @@ _h2b() {
       fi
       ic="$(_h_char_2_dec "$ic")"
       jc="$(_h_char_2_dec "$jc")"
-      printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")"
+      printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")""%s"
     fi
-    if [ "$uselet" ]; then
+
-      let "i+=2" >/dev/null
-      let "j+=2" >/dev/null
-    else
     i="$(_math "$i" + 2)"
     j="$(_math "$j" + 2)"
-    fi
+
   done
 }
 
@@ -417,7 +412,7 @@ _digest() {
 
   outputhex="$2"
 
-  if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then
+  if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then
     if [ "$outputhex" ]; then
       openssl dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' '
     else
@@ -538,10 +533,10 @@ _createkey() {
 
   if _isEccKey "$length"; then
     _debug "Using ec name: $eccname"
-    openssl ecparam -name $eccname -genkey 2>/dev/null >"$f"
+    openssl ecparam -name "$eccname" -genkey 2>/dev/null >"$f"
   else
     _debug "Using RSA: $length"
-    openssl genrsa $length 2>/dev/null >"$f"
+    openssl genrsa "$length" 2>/dev/null >"$f"
   fi
 
   if [ "$?" != "0" ]; then
@@ -554,7 +549,7 @@ _createkey() {
 _is_idn() {
   _is_idn_d="$1"
   _debug2 _is_idn_d "$_is_idn_d"
-  _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '[0-9]' | tr -d '[a-z]' | tr -d 'A-Z' | tr -d '.,-')
+  _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '[0-9]' | tr -d '[a-z]' | tr -d '[A-Z]' | tr -d '.,-')
   _debug2 _idn_temp "$_idn_temp"
   [ "$_idn_temp" ]
 }
@@ -865,7 +860,8 @@ _time2str() {
 
   #Soaris
   if _exists adb; then
-    echo $(echo "0t${1}=Y" | adb)
+    _t_s_a=$(echo "0t${1}=Y" | adb)
+    echo "$_t_s_a"
   fi
 
 }
@@ -1328,7 +1324,8 @@ _clear_conf() {
   _c_c_f="$1"
   _sdkey="$2"
   if [ "$_c_c_f" ]; then
-    _sed_i "s/^$_sdkey.*$//" "$_c_c_f"
+    _conf_data="$(cat "$_c_c_f")"
+    echo "$_conf_data" | sed "s/^$_sdkey *=.*$//" > "$_c_c_f"
   else
     _err "config file is empty, can not clear"
   fi
@@ -2295,10 +2292,10 @@ _findHook() {
   _hookcat="$2"
   _hookname="$3"
 
-  if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ]; then
+  if [ -f "$_SCRIPT_HOME/$_hookcat/$_hookname" ]; then
-    d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname"
+    d_api="$_SCRIPT_HOME/$_hookcat/$_hookname"
-  elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ]; then
+  elif [ -f "$_SCRIPT_HOME/$_hookcat/$_hookname.sh" ]; then
-    d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname.sh"
+    d_api="$_SCRIPT_HOME/$_hookcat/$_hookname.sh"
   elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ]; then
     d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname"
   elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ]; then
@@ -2324,7 +2321,7 @@ __get_domain_new_authz() {
   _Max_new_authz_retry_times=5
   _authz_i=0
   while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do
-    _info "Try new-authz for the $_authz_i time."
+    _debug "Try new-authz for the $_authz_i time."
     if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then
       _err "Can not get domain new authz."
       return 1
@@ -2339,7 +2336,7 @@ __get_domain_new_authz() {
   done
 
   if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then
-    _debug "new-authz retry reach the max $_Max_new_authz_retry_times times."
+    _err "new-authz retry reach the max $_Max_new_authz_retry_times times."
   fi
 
   if [ ! -z "$code" ] && [ ! "$code" = '201' ]; then
@@ -3006,9 +3003,9 @@ renewAll() {
   _debug "_stopRenewOnError" "$_stopRenewOnError"
   _ret="0"
 
-  for d in "${CERT_HOME}"/*.*/; do
+  for di in "${CERT_HOME}"/*.*/; do
-    _debug d "$d"
+    _debug di "$di"
-    d=$(basename "$d")
+    d=$(basename "$di")
     _debug d "$d"
     (
       if _endswith "$d" "$ECC_SUFFIX"; then
@@ -3129,15 +3126,15 @@ list() {
   _sep="|"
   if [ "$_raw" ]; then
     printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew"
-    for d in "${CERT_HOME}"/*.*/; do
+    for di in "${CERT_HOME}"/*.*/; do
-      d=$(basename "$d")
+      d=$(basename "$di")
       _debug d "$d"
       (
         if _endswith "$d" "$ECC_SUFFIX"; then
           _isEcc=$(echo "$d" | cut -d "$ECC_SEP" -f 2)
           d=$(echo "$d" | cut -d "$ECC_SEP" -f 1)
         fi
-        _initpath $d "$_isEcc"
+        _initpath "$d" "$_isEcc"
         if [ -f "$DOMAIN_CONF" ]; then
           . "$DOMAIN_CONF"
           printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
@@ -3163,13 +3160,13 @@ deploy() {
     return 1
   fi
 
-  _initpath $Le_Domain "$_isEcc"
+  _initpath "$Le_Domain" "$_isEcc"
   if [ ! -d "$DOMAIN_PATH" ]; then
     _err "Domain is not valid:'$Le_Domain'"
     return 1
   fi
 
-  _deployApi="$(_findHook $Le_Domain deploy $Le_DeployHook)"
+  _deployApi="$(_findHook "$Le_Domain" deploy "$Le_DeployHook")"
   if [ -z "$_deployApi" ]; then
     _err "The deploy hook $Le_DeployHook is not found."
     return 1
@@ -3179,18 +3176,18 @@ deploy() {
   _savedomainconf Le_DeployHook "$Le_DeployHook"
 
   if ! (
-    if ! . $_deployApi; then
+    if ! . "$_deployApi"; then
       _err "Load file $_deployApi error. Please check your api file and try again."
       return 1
     fi
 
     d_command="${Le_DeployHook}_deploy"
-    if ! _exists $d_command; then
+    if ! _exists "$d_command"; then
       _err "It seems that your api file is not correct, it must have a function named: $d_command"
       return 1
     fi
 
-    if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then
+    if ! $d_command "$Le_Domain" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then
       _err "Error deploy for domain:$Le_Domain"
       _on_issue_err
       return 1
@@ -3218,7 +3215,7 @@ installcert() {
   Le_RealFullChainPath="$6"
   _isEcc="$7"
 
-  _initpath $Le_Domain "$_isEcc"
+  _initpath "$Le_Domain" "$_isEcc"
   if [ ! -d "$DOMAIN_PATH" ]; then
     _err "Domain is not valid:'$Le_Domain'"
     return 1
@@ -3228,7 +3225,6 @@ installcert() {
 }
 
 _installcert() {
-
   _savedomainconf "Le_RealCertPath" "$Le_RealCertPath"
   _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath"
   _savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath"
@@ -3251,9 +3247,8 @@ _installcert() {
     Le_RealFullChainPath=""
   fi
 
-  _installed="0"
   if [ "$Le_RealCertPath" ]; then
-    _installed=1
+
     _info "Installing cert to:$Le_RealCertPath"
     if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ]; then
       cp "$Le_RealCertPath" "$Le_RealCertPath".bak
@@ -3262,7 +3257,7 @@ _installcert() {
   fi
 
   if [ "$Le_RealCACertPath" ]; then
-    _installed=1
+
     _info "Installing CA to:$Le_RealCACertPath"
     if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ]; then
       echo "" >>"$Le_RealCACertPath"
@@ -3276,7 +3271,7 @@ _installcert() {
   fi
 
   if [ "$Le_RealKeyPath" ]; then
-    _installed=1
+
     _info "Installing key to:$Le_RealKeyPath"
     if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ]; then
       cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak
@@ -3285,7 +3280,7 @@ _installcert() {
   fi
 
   if [ "$Le_RealFullChainPath" ]; then
-    _installed=1
+
     _info "Installing full chain to:$Le_RealFullChainPath"
     if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ]; then
       cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak
@@ -3294,7 +3289,7 @@ _installcert() {
   fi
 
   if [ "$Le_ReloadCmd" ]; then
-    _installed=1
+
     _info "Run Le_ReloadCmd: $Le_ReloadCmd"
     if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd"); then
       _info "$(__green "Reload success")"
@@ -3370,7 +3365,7 @@ revoke() {
 
   _isEcc="$2"
 
-  _initpath $Le_Domain "$_isEcc"
+  _initpath "$Le_Domain" "$_isEcc"
   if [ ! -f "$DOMAIN_CONF" ]; then
     _err "$Le_Domain is not a issued domain, skip."
     return 1
@@ -3393,10 +3388,10 @@ revoke() {
 
   if [ -f "$CERT_KEY_PATH" ]; then
     _info "Try domain key first."
-    if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then
+    if _send_signed_request "$uri" "$data" "" "$CERT_KEY_PATH"; then
       if [ -z "$response" ]; then
         _info "Revoke success."
-        rm -f $CERT_PATH
+        rm -f "$CERT_PATH"
         return 0
       else
         _err "Revoke error by domain key."
@@ -3409,10 +3404,10 @@ revoke() {
 
   _info "Try account key."
 
-  if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH"; then
+  if _send_signed_request "$uri" "$data" "" "$ACCOUNT_KEY_PATH"; then
     if [ -z "$response" ]; then
       _info "Revoke success."
-      rm -f $CERT_PATH
+      rm -f "$CERT_PATH"
       return 0
     else
       _err "Revoke error."
@@ -3456,11 +3451,11 @@ _deactivate() {
     fi
 
     _vtype="$(printf "%s\n" "$entry" | _egrep_o '"type": *"[^"]*"' | cut -d : -f 2 | tr -d '"')"
-    _debug _vtype $_vtype
+    _debug _vtype "$_vtype"
     _info "Found $_vtype"
 
     uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')"
-    _debug uri $uri
+    _debug uri "$uri"
 
     if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then
       _info "Skip $_vtype"
@@ -3499,7 +3494,7 @@ deactivate() {
     if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ]; then
       continue
     fi
-    if ! _deactivate "$_d_dm" $_d_type; then
+    if ! _deactivate "$_d_dm" "$_d_type"; then
       return 1
     fi
   done
@@ -3568,7 +3563,7 @@ _initconf() {
 
 #USER_AGENT=\"$USER_AGENT\"
 
-#USER_PATH=""
+#USER_PATH=
 
 #dns api
 #######################
@@ -4052,7 +4047,7 @@ _process() {
   _dnssleep=""
   _listraw=""
   _stopRenewOnError=""
-  _insecure=""
+  #_insecure=""
   _ca_bundle=""
   _nocron=""
   _ecc=""
@@ -4327,7 +4322,7 @@ _process() {
         _stopRenewOnError="1"
         ;;
       --insecure)
-        _insecure="1"
+        #_insecure="1"
         HTTPS_INSECURE="1"
         ;;
       --ca-bundle)

dnsapi/dns_cf.sh

@@ -15,6 +15,8 @@ dns_cf_add() {
   txtvalue=$2
 
   if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
+    CF_Key=""
+    CF_Email=""
     _err "You don't specify cloudflare api key and email yet."
     _err "Please create you key and try again."
     return 1
@@ -25,7 +27,7 @@ dns_cf_add() {
   _saveaccountconf CF_Email "$CF_Email"
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
@@ -36,17 +38,17 @@ dns_cf_add() {
   _debug "Getting txt records"
   _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
 
-  if ! printf "$response" | grep \"success\":true >/dev/null; then
+  if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
     _err "Error"
     return 1
   fi
 
-  count=$(printf "%s\n" "$response" | _egrep_o \"count\":[^,]* | cut -d : -f 2)
+  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
   _debug count "$count"
   if [ "$count" = "0" ]; then
     _info "Adding record"
     if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
-      if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then
+      if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then
         _info "Added, sleeping 10 seconds"
         sleep 10
         #todo: check if the record takes effect
@@ -59,8 +61,8 @@ dns_cf_add() {
     _err "Add txt record error."
   else
     _info "Updating record"
-    record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \" | head -n 1)
+    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
-    _debug "record_id" $record_id
+    _debug "record_id" "$record_id"
 
     _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
     if [ "$?" = "0" ]; then
@@ -91,8 +93,8 @@ _get_root() {
   domain=$1
   i=2
   p=1
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       #not valid
       return 1
@@ -102,17 +104,17 @@ _get_root() {
       return 1
     fi
 
-    if printf $response | grep \"name\":\"$h\" >/dev/null; then
+    if printf "%s" "$response" | grep "\"name\":\"$h\"" >/dev/null; then
-      _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | head -n 1 | cut -d : -f 2 | tr -d \")
+      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
       if [ "$_domain_id" ]; then
-        _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
         _domain=$h
         return 0
       fi
       return 1
     fi
     p=$i
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -121,7 +123,7 @@ _cf_rest() {
   m=$1
   ep="$2"
   data="$3"
-  _debug $ep
+  _debug "$ep"
 
   _H1="X-Auth-Email: $CF_Email"
   _H2="X-Auth-Key: $CF_Key"
@@ -129,7 +131,7 @@ _cf_rest() {
 
   if [ "$data" ]; then
     _debug data "$data"
-    response="$(_post "$data" "$CF_Api/$ep" "" $m)"
+    response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
   else
     response="$(_get "$CF_Api/$ep")"
   fi

dnsapi/dns_cx.sh

@@ -17,24 +17,26 @@ dns_cx_add() {
   txtvalue=$2
 
   if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then
+    CX_Key=""
+    CX_Secret=""
     _err "You don't specify cloudxns.com  api key or secret yet."
     _err "Please create you key and try again."
     return 1
   fi
 
-  REST_API=$CX_Api
+  REST_API="$CX_Api"
 
   #save the api key and email to the account conf file.
   _saveaccountconf CX_Key "$CX_Key"
   _saveaccountconf CX_Secret "$CX_Secret"
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
 
-  existing_records $_domain $_sub_domain
+  existing_records "$_domain" "$_sub_domain"
   _debug count "$count"
   if [ "$?" != "0" ]; then
     _err "Error get existing records."
@@ -42,9 +44,9 @@ dns_cx_add() {
   fi
 
   if [ "$count" = "0" ]; then
-    add_record $_domain $_sub_domain $txtvalue
+    add_record "$_domain" "$_sub_domain" "$txtvalue"
   else
-    update_record $_domain $_sub_domain $txtvalue
+    update_record "$_domain" "$_sub_domain" "$txtvalue"
   fi
 
   if [ "$?" = "0" ]; then
@@ -78,9 +80,9 @@ existing_records() {
     return 0
   fi
 
-  if printf "$response" | grep '"type":"TXT"' >/dev/null; then
+  if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then
     count=1
-    record_id=$(printf "%s\n" "$seg" | _egrep_o \"record_id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \")
+    record_id=$(printf "%s\n" "$seg" | _egrep_o "\"record_id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
     _debug record_id "$record_id"
     return 0
   fi
@@ -93,7 +95,7 @@ add_record() {
   root=$1
   sub=$2
   txtvalue=$3
-  fulldomain=$sub.$root
+  fulldomain="$sub.$root"
 
   _info "Adding record"
 
@@ -110,7 +112,7 @@ update_record() {
   root=$1
   sub=$2
   txtvalue=$3
-  fulldomain=$sub.$root
+  fulldomain="$sub.$root"
 
   _info "Updating record"
 
@@ -136,30 +138,30 @@ _get_root() {
     return 1
   fi
 
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     _debug h "$h"
     if [ -z "$h" ]; then
       #not valid
       return 1
     fi
 
-    if printf "$response" | grep "$h." >/dev/null; then
+    if _contains "$response" "$h."; then
       seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}")
       _debug seg "$seg"
-      _domain_id=$(printf "%s" "$seg" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \")
+      _domain_id=$(printf "%s" "$seg" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
       _debug _domain_id "$_domain_id"
       if [ "$_domain_id" ]; then
-        _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
-        _debug _sub_domain $_sub_domain
+        _debug _sub_domain "$_sub_domain"
-        _domain=$h
+        _domain="$h"
-        _debug _domain $_domain
+        _debug _domain "$_domain"
         return 0
       fi
       return 1
     fi
-    p=$i
+    p="$i"
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -168,7 +170,7 @@ _get_root() {
 _rest() {
   m=$1
   ep="$2"
-  _debug $ep
+  _debug "$ep"
   url="$REST_API/$ep"
   _debug url "$url"
 
@@ -180,7 +182,7 @@ _rest() {
 
   sec="$CX_Key$url$data$cdate$CX_Secret"
   _debug sec "$sec"
-  hmac=$(printf "$sec" | openssl md5 | cut -d " " -f 2)
+  hmac=$(printf "%s" "$sec" | _digest md5 hex)
   _debug hmac "$hmac"
 
   _H1="API-KEY: $CX_Key"
@@ -189,7 +191,7 @@ _rest() {
   _H4="Content-Type: application/json"
 
   if [ "$data" ]; then
-    response="$(_post "$data" "$url" "" $m)"
+    response="$(_post "$data" "$url" "" "$m")"
   else
     response="$(_get "$url")"
   fi
@@ -199,7 +201,7 @@ _rest() {
     return 1
   fi
   _debug2 response "$response"
-  if ! printf "$response" | grep '"message":"success"' >/dev/null; then
+  if ! _contains "$response" '"message":"success"'; then
     return 1
   fi
   return 0

dnsapi/dns_dp.sh

@@ -17,24 +17,26 @@ dns_dp_add() {
   txtvalue=$2
 
   if [ -z "$DP_Id" ] || [ -z "$DP_Key" ]; then
+    DP_Id=""
+    DP_Key=""
     _err "You don't specify dnspod api key and key id yet."
     _err "Please create you key and try again."
     return 1
   fi
 
-  REST_API=$DP_Api
+  REST_API="$DP_Api"
 
   #save the api key and email to the account conf file.
   _saveaccountconf DP_Id "$DP_Id"
   _saveaccountconf DP_Key "$DP_Key"
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
 
-  existing_records $_domain $_sub_domain
+  existing_records "$_domain" "$_sub_domain"
   _debug count "$count"
   if [ "$?" != "0" ]; then
     _err "Error get existing records."
@@ -42,9 +44,9 @@ dns_dp_add() {
   fi
 
   if [ "$count" = "0" ]; then
-    add_record $_domain $_sub_domain $txtvalue
+    add_record "$_domain" "$_sub_domain" "$txtvalue"
   else
-    update_record $_domain $_sub_domain $txtvalue
+    update_record "$_domain" "$_sub_domain" "$txtvalue"
   fi
 }
 
@@ -67,14 +69,14 @@ existing_records() {
     return 1
   fi
 
-  if printf "$response" | grep 'No records'; then
+  if _contains "$response" 'No records'; then
     count=0
     return 0
   fi
 
-  if printf "$response" | grep "Action completed successful" >/dev/null; then
+  if _contains "$response" "Action completed successful"; then
-    count=$(printf "$response" | grep '<type>TXT</type>' | wc -l)
+    count=$(printf "%s" "$response" | grep '<type>TXT</type>' | wc -l)
-    record_id=$(printf "$response" | grep '^<id>' | tail -1 | cut -d '>' -f 2 | cut -d '<' -f 1)
+    record_id=$(printf "%s" "$response" | grep '^<id>' | tail -1 | cut -d '>' -f 2 | cut -d '<' -f 1)
     return 0
   else
     _err "get existing records error."
@@ -90,7 +92,7 @@ add_record() {
   root=$1
   sub=$2
   txtvalue=$3
-  fulldomain=$sub.$root
+  fulldomain="$sub.$root"
 
   _info "Adding record"
 
@@ -98,7 +100,7 @@ add_record() {
     return 1
   fi
 
-  if printf "$response" | grep "Action completed successful"; then
+  if _contains "$response" "Action completed successful"; then
 
     return 0
   fi
@@ -112,7 +114,7 @@ update_record() {
   root=$1
   sub=$2
   txtvalue=$3
-  fulldomain=$sub.$root
+  fulldomain="$sub.$root"
 
   _info "Updating record"
 
@@ -120,7 +122,7 @@ update_record() {
     return 1
   fi
 
-  if printf "$response" | grep "Action completed successful"; then
+  if _contains "$response" "Action completed successful"; then
 
     return 0
   fi
@@ -138,8 +140,8 @@ _get_root() {
   domain=$1
   i=2
   p=1
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       #not valid
       return 1
@@ -149,20 +151,20 @@ _get_root() {
       return 1
     fi
 
-    if printf "$response" | grep "Action completed successful" >/dev/null; then
+    if _contains "$response" "Action completed successful"; then
-      _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \")
+      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
       _debug _domain_id "$_domain_id"
       if [ "$_domain_id" ]; then
-        _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
-        _debug _sub_domain $_sub_domain
+        _debug _sub_domain "$_sub_domain"
-        _domain=$h
+        _domain="$h"
-        _debug _domain $_domain
+        _debug _domain "$_domain"
         return 0
       fi
       return 1
     fi
-    p=$i
+    p="$i"
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -172,14 +174,14 @@ _rest() {
   m=$1
   ep="$2"
   data="$3"
-  _debug $ep
+  _debug "$ep"
   url="$REST_API/$ep"
 
   _debug url "$url"
 
   if [ "$data" ]; then
     _debug2 data "$data"
-    response="$(_post $data "$url")"
+    response="$(_post "$data" "$url")"
   else
     response="$(_get "$url")"
   fi

dnsapi/dns_gd.sh

@@ -16,6 +16,8 @@ dns_gd_add() {
   txtvalue=$2
 
   if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ]; then
+    GD_Key=""
+    GD_Secret=""
     _err "You don't specify godaddy api key and secret yet."
     _err "Please create you key and try again."
     return 1
@@ -26,11 +28,11 @@ dns_gd_add() {
   _saveaccountconf GD_Secret "$GD_Secret"
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
-  _debug _domain_id "$_domain_id"
+
   _debug _sub_domain "$_sub_domain"
   _debug _domain "$_domain"
 
@@ -62,13 +64,12 @@ dns_gd_rm() {
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
-# _domain_id=sdjkglgdfewsdfg
 _get_root() {
   domain=$1
   i=2
   p=1
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       #not valid
       return 1
@@ -78,15 +79,15 @@ _get_root() {
       return 1
     fi
 
-    if printf "$response" | grep '"code":"NOT_FOUND"' >/dev/null; then
+    if _contains "$response" '"code":"NOT_FOUND"'; then
       _debug "$h not found"
     else
-      _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
-      _domain=$h
+      _domain="$h"
       return 0
     fi
-    p=$i
+    p="$i"
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -95,14 +96,14 @@ _gd_rest() {
   m=$1
   ep="$2"
   data="$3"
-  _debug $ep
+  _debug "$ep"
 
   _H1="Authorization: sso-key $GD_Key:$GD_Secret"
   _H2="Content-Type: application/json"
 
   if [ "$data" ]; then
     _debug data "$data"
-    response="$(_post "$data" "$GD_Api/$ep" "" $m)"
+    response="$(_post "$data" "$GD_Api/$ep" "" "$m")"
   else
     response="$(_get "$GD_Api/$ep")"
   fi

dnsapi/dns_lexicon.sh

@@ -14,14 +14,15 @@ dns_lexicon_add() {
   fulldomain=$1
   txtvalue=$2
 
-  domain=$(printf "$fulldomain" | cut -d . -f 2-999)
+  domain=$(printf "%s" "$fulldomain" | cut -d . -f 2-999)
 
-  if ! _exists $lexicon_cmd; then
+  if ! _exists "$lexicon_cmd"; then
     _err "Please install $lexicon_cmd first: $wiki"
     return 1
   fi
 
   if [ -z "$PROVIDER" ]; then
+    PROVIDER=""
     _err "Please define env PROVIDER first: $wiki"
     return 1
   fi
@@ -29,39 +30,39 @@ dns_lexicon_add() {
   _savedomainconf PROVIDER "$PROVIDER"
   export PROVIDER
 
-  Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr [a-z] [A-Z])
+  Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr '[a-z]' '[A-Z]')
-  eval Lx_name_v="\$$Lx_name"
+  Lx_name_v=$(eval echo \$"$Lx_name")
   _debug "$Lx_name" "$Lx_name_v"
   if [ "$Lx_name_v" ]; then
-    _saveaccountconf $Lx_name "$Lx_name_v"
+    _saveaccountconf "$Lx_name" "$Lx_name_v"
-    export "$Lx_name"
+    eval export "$Lx_name"
   fi
 
-  Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr [a-z] [A-Z])
+  Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr '[a-z]' '[A-Z]')
-  eval Lx_token_v="\$$Lx_token"
+  Lx_token_v=$(eval echo \$"$Lx_token")
   _debug "$Lx_token" "$Lx_token_v"
   if [ "$Lx_token_v" ]; then
-    _saveaccountconf $Lx_token "$Lx_token_v"
+    _saveaccountconf "$Lx_token" "$Lx_token_v"
-    export "$Lx_token"
+    eval export "$Lx_token"
   fi
 
-  Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr [a-z] [A-Z])
+  Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr '[a-z]' '[A-Z]')
-  eval Lx_password_v="\$$Lx_password"
+  Lx_password_v=$(eval echo \$"$Lx_password")
   _debug "$Lx_password" "$Lx_password_v"
   if [ "$Lx_password_v" ]; then
-    _saveaccountconf $Lx_password "$Lx_password_v"
+    _saveaccountconf "$Lx_password" "$Lx_password_v"
-    export "$Lx_password"
+    eval export "$Lx_password"
   fi
 
-  Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr [a-z] [A-Z])
+  Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr '[a-z]' '[A-Z]')
-  eval Lx_domaintoken_v="\$$Lx_domaintoken"
+  Lx_domaintoken_v=$(eval echo \$"$Lx_domaintoken")
   _debug "$Lx_domaintoken" "$Lx_domaintoken_v"
   if [ "$Lx_domaintoken_v" ]; then
-    export "$Lx_domaintoken"
+    eval export "$Lx_domaintoken"
-    _saveaccountconf $Lx_domaintoken "$Lx_domaintoken_v"
+    _saveaccountconf "$Lx_domaintoken" "$Lx_domaintoken_v"
   fi
 
-  $lexicon_cmd "$PROVIDER" create ${domain} TXT --name="_acme-challenge.${domain}." --content="${txtvalue}"
+  $lexicon_cmd "$PROVIDER" create "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}"
 
 }
 

dnsapi/dns_lua.sh

@@ -8,7 +8,7 @@
 #LUA_Email="user@luadns.net"
 
 LUA_Api="https://api.luadns.com/v1"
-LUA_auth=$(printf $LUA_Email:$LUA_Key | _base64)
+LUA_auth=$(printf "%s" "$LUA_Email:$LUA_Key" | _base64)
 
 ########  Public functions #####################
 
@@ -18,6 +18,8 @@ dns_lua_add() {
   txtvalue=$2
 
   if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ]; then
+    LUA_Key=""
+    LUA_Email=""
     _err "You don't specify luadns api key and email yet."
     _err "Please create you key and try again."
     return 1
@@ -28,7 +30,7 @@ dns_lua_add() {
   _saveaccountconf LUA_Email "$LUA_Email"
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
@@ -39,17 +41,17 @@ dns_lua_add() {
   _debug "Getting txt records"
   _LUA_rest GET "zones/${_domain_id}/records"
 
-  if ! printf "$response" | grep \"id\": >/dev/null; then
+  if ! _contains "$response" "\"id\":"; then
     _err "Error"
     return 1
   fi
 
-  count=$(printf "%s\n" "$response" | _egrep_o \"name\":\"$fulldomain\" | wc -l)
+  count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$fulldomain\"" | wc -l)
   _debug count "$count"
   if [ "$count" = "0" ]; then
     _info "Adding record"
     if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
-      if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then
+      if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then
         _info "Added"
         #todo: check if the record takes effect
         return 0
@@ -61,8 +63,8 @@ dns_lua_add() {
     _err "Add txt record error."
   else
     _info "Updating record"
-    record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2 | cut -d, -f1)
+    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\"" | cut -d: -f2 | cut -d, -f1)
-    _debug "record_id" $record_id
+    _debug "record_id" "$record_id"
 
     _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}"
     if [ "$?" = "0" ]; then
@@ -95,24 +97,24 @@ _get_root() {
   if ! _LUA_rest GET "zones"; then
     return 1
   fi
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       #not valid
       return 1
     fi
 
-    if printf $response | grep \"name\":\"$h\" >/dev/null; then
+    if _contains "$response" "\"name\":\"$h\""; then
-      _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$h\" | cut -d : -f 2 | cut -d , -f 1)
+      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1)
       if [ "$_domain_id" ]; then
-        _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
-        _domain=$h
+        _domain="$h"
         return 0
       fi
       return 1
     fi
     p=$i
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -121,13 +123,13 @@ _LUA_rest() {
   m=$1
   ep="$2"
   data="$3"
-  _debug $ep
+  _debug "$ep"
 
   _H1="Accept: application/json"
   _H2="Authorization: Basic $LUA_auth"
   if [ "$data" ]; then
     _debug data "$data"
-    response="$(_post "$data" "$LUA_Api/$ep" "" $m)"
+    response="$(_post "$data" "$LUA_Api/$ep" "" "$m")"
   else
     response="$(_get "$LUA_Api/$ep")"
   fi

dnsapi/dns_me.sh

@@ -15,6 +15,8 @@ dns_me_add() {
   txtvalue=$2
 
   if [ -z "$ME_Key" ] || [ -z "$ME_Secret" ]; then
+    ME_Key=""
+    ME_Secret=""
     _err "You didn't specify DNSMadeEasy api key and secret yet."
     _err "Please create you key and try again."
     return 1
@@ -25,7 +27,7 @@ dns_me_add() {
   _saveaccountconf ME_Secret "$ME_Secret"
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
@@ -36,12 +38,12 @@ dns_me_add() {
   _debug "Getting txt records"
   _me_rest GET "${_domain_id}/records?recordName=$_sub_domain&type=TXT"
 
-  if ! printf "$response" | grep \"totalRecords\": >/dev/null; then
+  if ! _contains "$response" "\"totalRecords\":"; then
     _err "Error"
     return 1
   fi
 
-  count=$(printf "%s\n" "$response" | _egrep_o \"totalRecords\":[^,]* | cut -d : -f 2)
+  count=$(printf "%s\n" "$response" | _egrep_o "\"totalRecords\":[^,]*" | cut -d : -f 2)
   _debug count "$count"
   if [ "$count" = "0" ]; then
     _info "Adding record"
@@ -58,8 +60,8 @@ dns_me_add() {
     _err "Add txt record error."
   else
     _info "Updating record"
-    record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | cut -d : -f 2 | head -n 1)
+    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | cut -d : -f 2 | head -n 1)
-    _debug "record_id" $record_id
+    _debug "record_id" "$record_id"
 
     _me_rest PUT "$_domain_id/records/$record_id/" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}"
     if [ "$?" = "0" ]; then
@@ -89,8 +91,8 @@ _get_root() {
   domain=$1
   i=2
   p=1
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       #not valid
       return 1
@@ -100,17 +102,17 @@ _get_root() {
       return 1
     fi
 
-    if printf $response | grep \"name\":\"$h\" >/dev/null; then
+    if _contains "$response" "\"name\":\"$h\""; then
-      _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | head -n 1 | cut -d : -f 2)
+      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | head -n 1 | cut -d : -f 2)
       if [ "$_domain_id" ]; then
-        _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
-        _domain=$h
+        _domain="$h"
         return 0
       fi
       return 1
     fi
     p=$i
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -119,10 +121,10 @@ _me_rest() {
   m=$1
   ep="$2"
   data="$3"
-  _debug $ep
+  _debug "$ep"
 
   cdate=$(date -u +"%a, %d %b %Y %T %Z")
-  hmac=$(printf "$cdate" | _hmac sha1 "$ME_Secret" 1)
+  hmac=$(printf "%s" "$cdate" | _hmac sha1 "$ME_Secret" 1)
 
   _H1="x-dnsme-apiKey: $ME_Key"
   _H2="x-dnsme-requestDate: $cdate"
@@ -130,7 +132,7 @@ _me_rest() {
 
   if [ "$data" ]; then
     _debug data "$data"
-    response="$(_post "$data" "$ME_Api/$ep" "" $m)"
+    response="$(_post "$data" "$ME_Api/$ep" "" "$m")"
   else
     response="$(_get "$ME_Api/$ep")"
   fi

dnsapi/dns_ovh.sh

@@ -86,6 +86,8 @@ dns_ovh_add() {
   txtvalue=$2
 
   if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
+    OVH_AK=""
+    OVH_AS=""
     _err "You don't specify OVH application key and application secret yet."
     _err "Please create you key and try again."
     return 1
@@ -127,11 +129,11 @@ dns_ovh_add() {
   _info "Consumer key is ok."
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
-  _debug _domain_id "$_domain_id"
+
   _debug _sub_domain "$_sub_domain"
   _debug _domain "$_domain"
 
@@ -157,7 +159,7 @@ dns_ovh_add() {
       _err "Can not get record id."
       return 1
     fi
-    _debug "record_id" $record_id
+    _debug "record_id" "$record_id"
 
     if _ovh_rest PUT "domain/zone/$_domain/record/$record_id" "{\"target\":\"$txtvalue\",\"subDomain\":\"$_sub_domain\",\"ttl\":60}"; then
       if _contains "$response" "null"; then
@@ -221,13 +223,12 @@ _ovh_authentication() {
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
-# _domain_id=sdjkglgdfewsdfg
 _get_root() {
   domain=$1
   i=2
   p=1
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       #not valid
       return 1
@@ -238,12 +239,12 @@ _get_root() {
     fi
 
     if ! _contains "$response" "This service does not exist" >/dev/null; then
-      _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
-      _domain=$h
+      _domain="$h"
       return 0
     fi
     p=$i
-    i=$(expr $i + 1)
+    i=$(_math "$i" + 1)
   done
   return 1
 }
@@ -261,7 +262,7 @@ _ovh_rest() {
   m=$1
   ep="$2"
   data="$3"
-  _debug $ep
+  _debug "$ep"
 
   _ovh_url="$OVH_API/$ep"
   _debug2 _ovh_url "$_ovh_url"
@@ -280,7 +281,7 @@ _ovh_rest() {
   _H5="Content-Type: application/json;charset=utf-8"
   if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ]; then
     _debug data "$data"
-    response="$(_post "$data" "$_ovh_url" "" $m)"
+    response="$(_post "$data" "$_ovh_url" "" "$m")"
   else
     response="$(_get "$_ovh_url")"
   fi

dnsapi/dns_pdns.sh

@@ -17,25 +17,28 @@ dns_pdns_add() {
   txtvalue=$2
 
   if [ -z "$PDNS_Url" ]; then
+    PDNS_Url=""
     _err "You don't specify PowerDNS address."
     _err "Please set PDNS_Url and try again."
     return 1
   fi
 
   if [ -z "$PDNS_ServerId" ]; then
+    PDNS_ServerId=""
     _err "You don't specify PowerDNS server id."
     _err "Please set you PDNS_ServerId and try again."
     return 1
   fi
 
   if [ -z "$PDNS_Token" ]; then
+    PDNS_Token=""
     _err "You don't specify PowerDNS token."
     _err "Please create you PDNS_Token and try again."
     return 1
   fi
 
   if [ -z "$PDNS_Ttl" ]; then
-    PDNS_Ttl=$DEFAULT_PDNS_TTL
+    PDNS_Ttl="$DEFAULT_PDNS_TTL"
   fi
 
   #save the api addr and key to the account conf file.
@@ -48,7 +51,7 @@ dns_pdns_add() {
   fi
 
   _debug "First detect the root zone"
-  if ! _get_root $fulldomain; then
+  if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1
   fi
@@ -91,25 +94,23 @@ set_record() {
 _get_root() {
   domain=$1
   i=1
-  p=1
 
   if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
-    _zones_response=$response
+    _zones_response="$response"
   fi
 
-  while [ '1' ]; do
+  while true; do
-    h=$(printf $domain | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
     if [ -z "$h" ]; then
       return 1
     fi
 
-    if printf "$_zones_response" | grep "\"name\": \"$h.\"" >/dev/null; then
+    if _contains "$_zones_response" "\"name\": \"$h.\""; then
-      _domain=$h
+      _domain="$h"
       return 0
     fi
 
-    p=$i
+    i=$(_math $i + 1)
-    i=$(expr $i + 1)
   done
   _debug "$domain not found"
   return 1