| From b6221e9efcea1db88daa7d4f78931c1cab5a5e46 Mon Sep 17 00:00:00 2001 |
| From: Jeff King <peff@peff.net> |
| Date: Mon, 11 Sep 2017 10:24:11 -0400 |
| Subject: archimport: use safe_pipe_capture for user input |
| |
| Refnames can contain shell metacharacters which need to be |
| passed verbatim to sub-processes. Using safe_pipe_capture |
| skips the shell entirely. |
| |
| Signed-off-by: Jeff King <peff@peff.net> |
| Signed-off-by: Junio C Hamano <gitster@pobox.com> |
| --- |
| git-archimport.perl | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/git-archimport.perl b/git-archimport.perl |
| index 9cb123a07d..b7c173c345 100755 |
| --- a/git-archimport.perl |
| +++ b/git-archimport.perl |
| @@ -983,7 +983,7 @@ sub find_parents { |
| # check that we actually know about the branch |
| next unless -e "$git_dir/refs/heads/$branch"; |
| |
| - my $mergebase = `git-merge-base $branch $ps->{branch}`; |
| + my $mergebase = safe_pipe_capture(qw(git-merge-base), $branch, $ps->{branch}); |
| if ($?) { |
| # Don't die here, Arch supports one-way cherry-picking |
| # between branches with no common base (or any relationship |
| @@ -1074,7 +1074,7 @@ sub find_parents { |
| |
| sub git_rev_parse { |
| my $name = shift; |
| - my $val = `git-rev-parse $name`; |
| + my $val = safe_pipe_capture(qw(git-rev-parse), $name); |
| die "Error: git-rev-parse $name" if $?; |
| chomp $val; |
| return $val; |
| -- |
| 2.14.1.821.g8fa685d3b7 |
| |
