Package: git / 1:2.11.0-3+deb9u4

archimport-use-safe_pipe_capture-for-user-input.diff
From b6221e9efcea1db88daa7d4f78931c1cab5a5e46 Mon Sep 17 00:00:00 2001
From: Jeff King <peff@peff.net>
Date: Mon, 11 Sep 2017 10:24:11 -0400
Subject: archimport: use safe_pipe_capture for user input

Refnames can contain shell metacharacters which need to be
passed verbatim to sub-processes. Using safe_pipe_capture
skips the shell entirely.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 git-archimport.perl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/git-archimport.perl b/git-archimport.perl
index 9cb123a07d..b7c173c345 100755
--- a/git-archimport.perl
+++ b/git-archimport.perl
@@ -983,7 +983,7 @@ sub find_parents {
 	# check that we actually know about the branch
 	next unless -e "$git_dir/refs/heads/$branch";
 
-	my $mergebase = `git-merge-base $branch $ps->{branch}`;
+	my $mergebase = safe_pipe_capture(qw(git-merge-base), $branch, $ps->{branch});
 	if ($?) {
 	    # Don't die here, Arch supports one-way cherry-picking
 	    # between branches with no common base (or any relationship
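Review bot: The `if ($?)` test directly after the new `safe_pipe_capture(...)` call in `find_parents` still assumes `$?` holds the exit status of git-merge-base and that the call yields the output as a single string for the scalar `$mergebase`. Backticks guarantee both; a helper does so only if it closes the pipe before returning and joins its output in scalar context. The helper's definition is not part of this diff, so it is worth confirming both there or stating it in the commit message. Minor style point: `qw(git-merge-base)` for a single word reads more clearly as a plain quoted string.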
@@ -1074,7 +1074,7 @@ sub find_parents {
 
 sub git_rev_parse {
     my $name = shift;
-    my $val  = `git-rev-parse $name`;
+    my $val  = safe_pipe_capture(qw(git-rev-parse), $name);
     die "Error: git-rev-parse $name" if $?;
     chomp $val;
     return $val;
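Review bot: In `git_rev_parse`, `$name` now reaches git-rev-parse as its own argument with no shell involved, but a value beginning with `-` would still be read as an option rather than as a revision. Consider passing `--verify` ahead of `$name` so the command requires exactly one resolvable revision and exits non-zero otherwise, which is what the `die "Error: git-rev-parse $name" if $?;` line relies on. As with the other call site, that `die` and the following `chomp $val` depend on the helper leaving the child's status in `$?` and returning a scalar string.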
-- 
2.14.1.821.g8fa685d3b7