Skip to content

Add GDPR_EMAIL environment variable for Docker deployments#743

Merged
sstidl merged 6 commits intonewdesignfrom
copilot/sub-pr-694
Dec 29, 2025
Merged

Add GDPR_EMAIL environment variable for Docker deployments#743
sstidl merged 6 commits intonewdesignfrom
copilot/sub-pr-694

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Dec 29, 2025
edited by qodo-free-for-open-source-projects bot
Loading

User description

The privacy policy in HTML files contains hardcoded placeholder text "TO BE FILLED BY DEVELOPER" for the GDPR deletion request contact email, requiring source modification for production deployments.

Changes

  • Docker entrypoint: Added GDPR_EMAIL environment variable that replaces placeholders in index-modern.html and index-classic.html during container startup
  • Documentation: Added GDPR_EMAIL to environment variable list in doc_docker.md with docker-compose example

Implementation

# Escapes sed special characters (& / \ $) and replaces both placeholders atomically
GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g')
sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file"

Usage

environment:
  GDPR_EMAIL: "privacy@example.com"

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

PR Type

Enhancement

Description

  • Add GDPR_EMAIL environment variable for Docker deployments

  • Replace hardcoded email placeholders in HTML files at startup

  • Implement proper sed escaping for special characters

  • Document GDPR_EMAIL in Docker configuration guide

Diagram Walkthrough

flowchart LR
  A["Docker Container Startup"] -->|"GDPR_EMAIL env var"| B["Entrypoint Script"]
  B -->|"Escape special chars"| C["sed Replacement"]
  C -->|"Replace placeholders"| D["index-modern.html"]
  C -->|"Replace placeholders"| E["index-classic.html"]
  F["Documentation"] -->|"GDPR_EMAIL example"| G["doc_docker.md"]
Loading

File Walkthrough
Relevant files
Enhancement
entrypoint.sh
Add GDPR email placeholder replacement logic                         

docker/entrypoint.sh

  • Added GDPR_EMAIL environment variable logging
  • Implemented conditional GDPR email placeholder replacement logic
  • Applied proper sed escaping for special characters (& / \ $)
  • Processes index-modern.html and index-classic.html files
  • Replaces both "TO BE FILLED BY DEVELOPER" and "PUT@YOUR_EMAIL.HERE"
    placeholders
 +13/-0   
Documentation
doc_docker.md
Document GDPR_EMAIL environment variable                                 

doc_docker.md

  • Added GDPR_EMAIL to docker-compose example with sample value
  • Added comprehensive documentation for GDPR_EMAIL environment variable
  • Explained purpose and GDPR compliance requirements
  • Clarified default behavior when variable is not set
 +2/-0     

Copilot AI mentioned this pull request Dec 29, 2025
Merged
Copilot AI and others added 5 commits December 29, 2025 23:28
@sstidl
Add GDPR_EMAIL environment variable for Docker deployments
02bc512 
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
@sstidl
Improve GDPR_EMAIL handling with proper escaping and loop
48b0ce3 
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
@sstidl
Refine GDPR_EMAIL processing - skip index.html and improve escaping
d408780 
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
@sstidl
Optimize GDPR_EMAIL sed commands and improve escaping
8586ecb 
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
@sstidl
Clarify sed escaping comment for GDPR_EMAIL
2ea0a40 
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
Copilot AI changed the title [WIP] Implement new design from #649 Add GDPR_EMAIL environment variable for Docker deployments Dec 29, 2025
Copilot AI requested a review from sstidl December 29, 2025 23:34
@sstidl sstidl marked this pull request as ready for review December 29, 2025 23:36
@sstidl sstidl merged commit 119eb1f into newdesign Dec 29, 2025
@sstidl sstidl deleted the copilot/sub-pr-694 branch December 29, 2025 23:36
@qodo-free-for-open-source-projects
Copy link
Copy Markdown
Contributor

qodo-free-for-open-source-projects bot commented Dec 29, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Email exposure and injection

Description: The GDPR_EMAIL environment variable is logged to stdout at line 10 and then used in sed
replacement without validation, potentially exposing sensitive email addresses in
container logs and allowing command injection through malicious email values containing
newlines or sed commands.
entrypoint.sh [79-88]

Referred Code 
if [ ! -z "$GDPR_EMAIL" ]; then
  # Escape special sed characters: & (replacement), / (delimiter), \ (escape), $ (variable)
  GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g')

  for html_file in /var/www/html/index-modern.html /var/www/html/index-classic.html; do
    if [ -f "$html_file" ]; then
      sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file"
    fi
  done
fi
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

🔴
Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Email exposure in logs: The GDPR_EMAIL environment variable is logged to stdout on line 10, potentially exposing
contact email addresses in container logs.

Referred Code 
echo "GDPR_EMAIL: $GDPR_EMAIL"

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Missing input validation: The GDPR_EMAIL environment variable is not validated for proper email format before being
used in sed replacement, potentially allowing injection of malicious content into HTML
files.

Referred Code 
if [ ! -z "$GDPR_EMAIL" ]; then
  # Escape special sed characters: & (replacement), / (delimiter), \ (escape), $ (variable)
  GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g')

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Missing error handling: The sed replacement operation on lines 85 does not handle potential failures or verify
successful replacement of placeholders.

Referred Code 
  sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file"
fi

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-free-for-open-source-projects
Copy link
Copy Markdown
Contributor

qodo-free-for-open-source-projects bot commented Dec 29, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Improve input handling for sed

Replace the fragile sed command with a more robust perl command to avoid script
errors from special characters in the GDPR_EMAIL variable.

docker/entrypoint.sh [78-88]

 # Replace GDPR email placeholder if GDPR_EMAIL is set
 if [ ! -z "$GDPR_EMAIL" ]; then
-  # Escape special sed characters: & (replacement), / (delimiter), \ (escape), $ (variable)
-  GDPR_EMAIL_ESCAPED=$(printf '%s\n' "$GDPR_EMAIL" | sed 's/[&/\\]/\\&/g; s/\$/\\$/g')
-  
   for html_file in /var/www/html/index-modern.html /var/www/html/index-classic.html; do
     if [ -f "$html_file" ]; then
-      sed -i "s/TO BE FILLED BY DEVELOPER/$GDPR_EMAIL_ESCAPED/g; s/PUT@YOUR_EMAIL.HERE/$GDPR_EMAIL_ESCAPED/g" "$html_file"
+      export GDPR_EMAIL
+      perl -i -pe 's/TO BE FILLED BY DEVELOPER|PUT\@YOUR_EMAIL\.HERE/$ENV{GDPR_EMAIL}/g' "$html_file"
     fi
   done
 fi
  • Apply / Chat
Suggestion importance[1-10]: 8

__

Why: The suggestion correctly identifies a bug where special characters in the GDPR_EMAIL variable would break the script due to improper escaping for sed. The proposed perl solution is more robust and prevents such failures.

Medium
  • More

sstidl added a commit that referenced this pull request Apr 11, 2026
@sstidl @Timendus
@stefanstidlffg @qodo-free-for-open-source-projects
Implement the new design from #649 (#694)
3a7dc31 
* Implement fromScratch design

* Add some documentation

* enable new design in docker (no alpine yet)

* merge fixed docker images

* alpine docker added new design

* fix #685

* Implement fromScratch design

* Add some documentation

* enable new design in docker (no alpine yet)

* alpine docker added new design

* fix #685

* fix database permissions alpine, remove baby

* hide serverselector on only one server

* Update frontend/styling/server-selector.css

Co-authored-by: qodo-merge-pro-for-open-source[bot] <189517486+qodo-merge-pro-for-open-source[bot]@users.noreply.github.com>

* fix alpine image again

* adjust settings.json in entrypoint

so env vars are honored

* Update frontend/javascript/index.js

Co-authored-by: qodo-merge-for-open-source[bot] <189517486+qodo-merge-for-open-source[bot]@users.noreply.github.com>

* Add feature switch for new design via config file, URL parameters, and Docker (#742)

* Initial plan

* Add feature switch for new design with config and URL parameter support

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Improve error handling and prevent infinite redirect loops

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Update Dockerfiles and entrypoint to support design feature switch

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Update design-switch.js

Co-authored-by: qodo-free-for-open-source-projects[bot] <189517486+qodo-free-for-open-source-projects[bot]@users.noreply.github.com>

* fix: copy actions in entrypoint

* Restructure design switch to place both designs at root level

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Flatten frontend assets in Docker to eliminate frontend directory

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* fix: entrypoint settings & server-list

disable entrypoint bash debug

* add link to modern design

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
Co-authored-by: sstidl <sstidl@users.noreply.github.com>
Co-authored-by: qodo-free-for-open-source-projects[bot] <189517486+qodo-free-for-open-source-projects[bot]@users.noreply.github.com>

* add armv7

* reformat

* Add GDPR_EMAIL environment variable for Docker deployments (#743)

* Initial plan

* Add GDPR_EMAIL environment variable for Docker deployments

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Improve GDPR_EMAIL handling with proper escaping and loop

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Refine GDPR_EMAIL processing - skip index.html and improve escaping

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Optimize GDPR_EMAIL sed commands and improve escaping

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* Clarify sed escaping comment for GDPR_EMAIL

Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>

* cleanup old EMAIL ENV Var

* fix: line break in html prevented sed replacement

* version 6.0.0pre1

* test: add mssql docker compose tests

* Update Speedtest screen recording link in README

* Filter unreachable servers from selector (newdesign UI) (#769)

* Filter unreachable servers from selector (newdesign UI)

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* keep // servers in list

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix misleading comment

---------

Co-authored-by: Lumi <lumi@openclaw.local>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Stefan Stidl <sti-github@stidl.com>

* fix: server.json handling

* Use server-list.json in classic frontend by default

* Add configurable server list URLs to frontend and Docker

---------

Co-authored-by: Timendus <mail@timendus.com>
Co-authored-by: Stefan Stidl <stefan.stidl@ffg.at>
Co-authored-by: qodo-merge-pro-for-open-source[bot] <189517486+qodo-merge-pro-for-open-source[bot]@users.noreply.github.com>
Co-authored-by: qodo-merge-for-open-source[bot] <189517486+qodo-merge-for-open-source[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: sstidl <12804296+sstidl@users.noreply.github.com>
Co-authored-by: qodo-free-for-open-source-projects[bot] <189517486+qodo-free-for-open-source-projects[bot]@users.noreply.github.com>
Co-authored-by: Stefan Stidl <sti-github@stidl.com>
Co-authored-by: Lumi <lumi@openclaw.local>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sstidl sstidl sstidl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@sstidl sstidl

Copilot code review Copilot

Labels

Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sstidl