mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2025-12-29 11:48:05 -06:00
9b29d37d21
Hacked qbt instances may contain malicious script placed in Run External Program and the script will attempt to hide itself by adding a lot whitespaces at the start of the command string. Users may mistake the field of being empty but is actually not. So trim the leading whitespaces to easily expose the malicious script. Note that GUI already trim the fields and only WebAPI doesn't trim them. This patch will unify the behavior. Related: https://github.com/qbittorrent/docker-qbittorrent-nox/issues/71#issuecomment-2993567440 PR #22939.