From 1704a25a24549f845a70cf40d062ca4a75a9ca73 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Wed, 4 Jun 2025 09:11:08 +0200
Subject: [PATCH] fix(previews): escape container names in stopContainers method to prevent shell injection vulnerabilities
---
 app/Livewire/Project/Application/Previews.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Livewire/Project/Application/Previews.php b/app/Livewire/Project/Application/Previews.php
index 47a588554..b2c1cf8e1 100644
--- a/app/Livewire/Project/Application/Previews.php
+++ b/app/Livewire/Project/Application/Previews.php
@@ -247,7 +247,7 @@ class Previews extends Component
 $containerNames[] = str_replace('/', '', $container['Names']);
 }
- $containerList = implode(' ', $containerNames);
+ $containerList = implode(' ', array_map('escapeshellarg', $containerNames));
 $commands = [
 "docker stop --time=$timeout $containerList",
 "docker rm -f $containerList",
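Review bot: `$timeout` is still interpolated unquoted into `"docker stop --time=$timeout $containerList"` two lines below the changed line, so the command string is only as safe as that value. Its origin is outside the hunk; if it is not already a typed integer, I would pin it with `$timeout = (int) $timeout;` before `$commands` is built. The quoting is applied only at this call site, so any other code that builds docker commands from `$container['Names']` would need the same treatment, which this hunk cannot show. As a style point, `array_map(escapeshellarg(...), $containerNames)` avoids the string callable if the project's minimum PHP version is 8.1 or later. The enclosing method starts and ends outside the hunk.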