From 2fdafc8d3a8fa023498c0cd2c2afd23a05c571ca Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.ch>
Date: Sun, 19 Dec 2021 12:36:00 +0100
Subject: [PATCH] polybar: sanitize a bit more untrusted inputs

---
 bin/i3-companion    | 2 +-
 bin/polybar-weather | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/i3-companion b/bin/i3-companion
index 5000465..3fa3f30 100755
--- a/bin/i3-companion
+++ b/bin/i3-companion
@@ -950,7 +950,7 @@ async def network_manager_status(i3, event, *args):
             state = await nma.State
             if state == NM_ACTIVE_CONNECTION_STATE_ACTIVATED:
                 status.append(icons["vpn"])
-                status.append(await nma.Id)
+                status.append((await nma.Id).replace("%", "%%"))
 
     # Final status line
     return " ".join(status)
diff --git a/bin/polybar-weather b/bin/polybar-weather
index ad220e7..3448da5 100755
--- a/bin/polybar-weather
+++ b/bin/polybar-weather
@@ -177,6 +177,7 @@ if __name__ == "__main__":
                 round(weather["daily"][0]["temp"]["max"]),
             ),
         ]
+        city = city.replace('%', '%%')
         conditions.insert(0, f"%{{F#888}}%{{Tx}}%{{T-}} {city}%{{F-}}")
         output = " ".join(conditions).replace("%{Tx}", "%%{T%d}" % options.font_index)
         logger.debug("output: %s", output)