From d1d7548e090ea3d52222557d1220757d62200c37 Mon Sep 17 00:00:00 2001
From: David Kerr <david@kerr.net>
Date: Sat, 22 Aug 2020 21:32:27 -0400
Subject: [PATCH] So the bug was actually in the escape_curl_param function,
 not that the data should not be escaped

---
 ddclient.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ddclient.in b/ddclient.in
index be14ab4..4a8409b 100755
--- a/ddclient.in
+++ b/ddclient.in
@@ -2283,8 +2283,8 @@ sub escape_curl_param {
     my $str = shift // '';
 
     return '' if ($str eq '');
-    $str =~ s/"/\\"/g;  ## Escape double-quotes
     $str =~ s/\\/\\\\/g;## Escape backslashes
+    $str =~ s/"/\\"/g;  ## Escape double-quotes
     $str =~ s/\n/\\n/g; ## Escape newline
     $str =~ s/\r/\\r/g; ## Escape carrage return
     $str =~ s/\t/\\t/g; ## Escape tabs
@@ -2412,7 +2412,7 @@ sub fetch_via_curl {
             push(@curlopt, @header_lines);
 
             # Add in the data if any was provided (for POST/PATCH)
-            push(@curlopt, "data=${data}") if ($data);
+            push(@curlopt, "data=\"".escape_curl_param(${data}).'"') if ($data);
 
             # don't include ${url} as that might expose login credentials
             $0 = sprintf("%s - Curl system cmd sending to %s", $program, "${protocol}://${server}");