From 6fc5bf83f49a637316e4c69a5d0947443426efb5 Mon Sep 17 00:00:00 2001
From: Michael Woolweaver <michael@woolweaver.bid>
Date: Wed, 9 Apr 2025 12:25:24 -0500
Subject: [PATCH 1/6] don't mute SC2086

Signed-off-by: Michael Woolweaver <michael@woolweaver.bid>
---
 gravity.sh | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/gravity.sh b/gravity.sh
index 514289d0..8ccd9a5b 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -601,7 +601,7 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" domain="${7}"
-  local modifiedOptions="" listCurlBuffer str httpCode success="" ip cmd_ext
+  local modifiedOptions=() listCurlBuffer str httpCode success="" ip cmd_ext
   local file_path permissions ip_addr port blocked=false download=true
 
   # Create temp file to store content on disk instead of RAM
@@ -619,14 +619,14 @@ gravity_DownloadBlocklistFromUrl() {
       # Save HTTP ETag to the specified file. An ETag is a caching related header,
       # usually returned in a response. If no ETag is sent by the server, an empty
       # file is created and can later be used consistently.
-      modifiedOptions="--etag-save ${saveLocation}.etag"
+      modifiedOptions=("${modifiedOptions[@]}" --etag-save "${saveLocation}".etag)
 
       if [[ -f "${saveLocation}.etag" ]]; then
         # This option makes a conditional HTTP request for the specific ETag read
         # from the given file by sending a custom If-None-Match header using the
         # stored ETag. This way, the server will only send the file if it has
         # changed since the last request.
-        modifiedOptions="${modifiedOptions} --etag-compare ${saveLocation}.etag"
+        modifiedOptions=("${modifiedOptions[@]}" --etag-compare "${saveLocation}".etag)
       fi
     fi
 
@@ -639,7 +639,7 @@ gravity_DownloadBlocklistFromUrl() {
       # Interstingly, this option is not supported by raw.githubusercontent.com
       # URLs, however, it is still supported by many older web servers which may
       # not support the HTTP ETag method so we keep it as a fallback.
-      modifiedOptions="${modifiedOptions} -z ${saveLocation}"
+      modifiedOptions=("${modifiedOptions[@]}" -z "${saveLocation}")
     fi
   fi
 
@@ -743,9 +743,7 @@ gravity_DownloadBlocklistFromUrl() {
   fi
 
   if [[ "${download}" == true ]]; then
-    # See https://github.com/pi-hole/pi-hole/issues/6159 for justification of the below disable directive
-    # shellcheck disable=SC2086
-    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
+    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} "${modifiedOptions[@]}" -w "%{http_code}" ${url} -o ${listCurlBuffer} 2>/dev/null)
   fi
 
   case $url in

From 89c4248315700004e249e119ebf851e7e464ee40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <github@yubiuser.dev>
Date: Tue, 22 Apr 2025 21:57:47 +0200
Subject: [PATCH 2/6] Use quotes for all substitutions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <github@yubiuser.dev>
---
 gravity.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gravity.sh b/gravity.sh
index 8ccd9a5b..403b1bd7 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -743,7 +743,7 @@ gravity_DownloadBlocklistFromUrl() {
   fi
 
   if [[ "${download}" == true ]]; then
-    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} "${modifiedOptions[@]}" -w "%{http_code}" ${url} -o ${listCurlBuffer} 2>/dev/null)
+    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${cmd_ext}" "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
   fi
 
   case $url in

From 774037834b769b9d37477424f5cbc810c7e6cc25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <github@yubiuser.dev>
Date: Tue, 22 Apr 2025 22:01:21 +0200
Subject: [PATCH 3/6] Rename cmd_ext
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <github@yubiuser.dev>
---
 gravity.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gravity.sh b/gravity.sh
index 403b1bd7..384ee4ea 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -601,7 +601,7 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" domain="${7}"
-  local modifiedOptions=() listCurlBuffer str httpCode success="" ip cmd_ext
+  local modifiedOptions=() listCurlBuffer str httpCode success="" ip customUpstreamResolver
   local file_path permissions ip_addr port blocked=false download=true
 
   # Create temp file to store content on disk instead of RAM
@@ -705,7 +705,7 @@ gravity_DownloadBlocklistFromUrl() {
       fi
       echo -e "${OVER}  ${CROSS} ${str} ${domain} is blocked by one of your lists. Using DNS server ${upstream} instead"
       echo -ne "  ${INFO} ${str} Pending..."
-      cmd_ext="--resolve $domain:$port:$ip"
+      customUpstreamResolver="--resolve $domain:$port:$ip"
     fi
   fi
 
@@ -743,7 +743,7 @@ gravity_DownloadBlocklistFromUrl() {
   fi
 
   if [[ "${download}" == true ]]; then
-    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${cmd_ext}" "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
+    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${customUpstreamResolver}" "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
   fi
 
   case $url in

From 76e41aeefaacf54a7fc23a0581d5ab8293e77a32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <github@yubiuser.dev>
Date: Tue, 22 Apr 2025 22:03:54 +0200
Subject: [PATCH 4/6] Add small note about modifiedOptions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <github@yubiuser.dev>
---
 gravity.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gravity.sh b/gravity.sh
index 384ee4ea..d91d3166 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -601,8 +601,10 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" domain="${7}"
-  local modifiedOptions=() listCurlBuffer str httpCode success="" ip customUpstreamResolver
+  local listCurlBuffer str httpCode success="" ip customUpstreamResolver
   local file_path permissions ip_addr port blocked=false download=true
+  # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
+  local modifiedOptions=()
 
   # Create temp file to store content on disk instead of RAM
   # We don't use '--suffix' here because not all implementations of mktemp support it, e.g. on Alpine

From 13d76abff7212965da856bfcf042675a9a0ee5ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <github@yubiuser.dev>
Date: Tue, 22 Apr 2025 22:38:07 +0200
Subject: [PATCH 5/6] Set customUpstreamResolver empty
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <github@yubiuser.dev>
---
 gravity.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gravity.sh b/gravity.sh
index d91d3166..4ce532fc 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -601,7 +601,7 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" domain="${7}"
-  local listCurlBuffer str httpCode success="" ip customUpstreamResolver
+  local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
   local file_path permissions ip_addr port blocked=false download=true
   # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
   local modifiedOptions=()

From 7a641f4c35b29f82e7d706b14e9260734fd8d842 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <github@yubiuser.dev>
Date: Tue, 22 Apr 2025 22:52:33 +0200
Subject: [PATCH 6/6] Use paramteter expansion to prevent adding literal '' if
 parameter is empty
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <github@yubiuser.dev>
---
 gravity.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gravity.sh b/gravity.sh
index 4ce532fc..19458c16 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -745,7 +745,7 @@ gravity_DownloadBlocklistFromUrl() {
   fi
 
   if [[ "${download}" == true ]]; then
-    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${customUpstreamResolver}" "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
+    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
   fi
 
   case $url in