Update scripts/ipmConfigEpics

copilot suggested fix.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: silkenelson

scripts/ipmConfigEpics

@@ -250,10 +250,13 @@ fi
 # Attempt to read the :SUM PV and open a GUI if successful and exits if not. Uses wave8 or ipimb accordingly
 ipmGUI(){
     if caget "${BASE}":SUM > /dev/null 2>&1; then
-        if [ ${#WAVE8V3} -gt 0 ]; then
-            cmdName=$(caget -St "${BASE}":LAUNCH_EDM)
-            echo calling the screen from: "$cmdName"
-            $cmdName
+            # Validate cmdName: allow only safe characters (alphanum, underscore, dash, slash, period)
+            if [[ "$cmdName" =~ ^[a-zA-Z0-9_./-]+$ ]]; then
+                $cmdName
+            else
+                echo "Error: Unsafe command detected in LAUNCH_EDM PV: '$cmdName'. Aborting."
+                exit 1
+            fi
         elif [ ${#WAVE8} -gt 0 ]; then
             /reg/g/pcds/pyps/apps/wave8/latest/wave8 --base "$BASE" --evr "$EVR" --ioc "$IOC"
         else