luci-proto-wireguard: fixed a vulnerability in the checkPeerHost method

shellquote method is introduced so an injected code cannot be executed by the popen command.

Signed-off-by: Tom Haley <this_username_has_been_taken2@proton.me>

protocols/luci-proto-wireguard/root/usr/share/rpcd/ucode/luci.wireguard

@@ -16,7 +16,7 @@ function command(cmd) {
 }
 
 function checkPeerHost(configHost, configPort, wgHost) {
-	const ips = popen(`resolveip ${configHost} 2>/dev/null`);
+	const ips = popen(`resolveip ${shellquote(configHost)} 2>/dev/null`);
 	const hostIp = replace(wgHost, /\[|\]/g, "");
 	if (ips) {
 		for (let line = ips.read('line'); length(line); line = ips.read('line')) {