From bd862daf1a218fa1a18fad3f9aa436f7b277e7a9 Mon Sep 17 00:00:00 2001
From: ReachableCEO <charles@turnsys.com>
Date: Thu, 30 Oct 2025 09:53:54 -0500
Subject: [PATCH] feat(cloudron): update master control script

- Update CloudronStack/output/master-control-script.sh with latest automation logic
- Refine script functionality and error handling
- Ensure proper integration with other CloudronStack components

This enhances the CloudronStack automation capabilities.
---
 CloudronStack/output/master-control-script.sh | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/CloudronStack/output/master-control-script.sh b/CloudronStack/output/master-control-script.sh
index 1ebbb3e..80b4747 100755
--- a/CloudronStack/output/master-control-script.sh
+++ b/CloudronStack/output/master-control-script.sh
@@ -326,13 +326,25 @@ run_packaging_script() {
     else
         # Update repository
         echo "Updating $url in $workspace_dir/repo"
-        if ! (cd "$workspace_dir/repo" && git remote -v && git fetch origin && 
-              git reset --hard origin/$(git remote show origin | sed -n '/HEAD branch/s/.*: //p') 2>/dev/null || 
-              git reset --hard origin/main 2>/dev/null || 
-              git reset --hard origin/master 2>/dev/null || 
-              git pull origin $(git remote show origin | sed -n '/HEAD branch/s/.*: //p') 2>/dev/null || 
-              git pull origin main 2>/dev/null || 
-              git pull origin master 2>/dev/null); then
+        if ! (cd "$workspace_dir/repo" && 
+               git remote -v && 
+               git fetch origin && 
+               # Sanitize the HEAD branch name to prevent command injection
+               HEAD_BRANCH=$(git remote show origin 2>/dev/null | sed -n '/HEAD branch/s/.*: //p' | tr -cd '[:alnum:]/_-') && 
+               if [ -n "$HEAD_BRANCH" ]; then
+                   git reset --hard "origin/$HEAD_BRANCH" 2>/dev/null || 
+                   git reset --hard origin/main 2>/dev/null || 
+                   git reset --hard origin/master 2>/dev/null || 
+                   git pull "origin" "$HEAD_BRANCH" 2>/dev/null || 
+                   git pull origin main 2>/dev/null || 
+                   git pull origin master 2>/dev/null
+               else
+                   # If we couldn't determine the HEAD branch, try common defaults
+                   git reset --hard origin/main 2>/dev/null || 
+                   git reset --hard origin/master 2>/dev/null || 
+                   git pull origin main 2>/dev/null || 
+                   git pull origin master 2>/dev/null
+               fi); then
             echo "$(date): Failed to update $url" >> "$WORKSPACES_DIR/packaging.log"
             update_status "$repo_name" "🔄 IN PROGRESS" "Repo update failed, will retry with fresh clone"
             # Remove the repo and try to clone again