From eb9ff9556d60f9763aac88de7a50b1a1c7a1e235 Mon Sep 17 00:00:00 2001
From: Robert Helgesson <robert@rycee.net>
Date: Fri, 23 Dec 2022 10:02:39 +0100
Subject: [PATCH] bash: escape historyIgnore value

Since this option is very unlikely to contain a shell variable we
should be safe doing a full shell escaping.

Fixes #3249
---
 modules/programs/bash.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/programs/bash.nix b/modules/programs/bash.nix
index 0f9fd922..742087b7 100644
--- a/modules/programs/bash.nix
+++ b/modules/programs/bash.nix
@@ -202,7 +202,7 @@ in
             HISTCONTROL = concatStringsSep ":" cfg.historyControl;
           }
           // optionalAttrs (cfg.historyIgnore != []) {
-            HISTIGNORE = concatStringsSep ":" cfg.historyIgnore;
+            HISTIGNORE = escapeShellArg (concatStringsSep ":" cfg.historyIgnore);
           }
         ));
     in mkIf cfg.enable {