Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

svn: properly escape arguments for authors-prog

Previously, the call to authors-prog was not properly escaped, so any
special characters in the Subversion username, such as spaces and
semi-colons, would be interpreted by the shell rather than being passed
in as the first argument.  Now all unsafe characters are escaped using
"git rev-parse --sq-quote"

[ew: switched from "\Q..\E" to "rev-parse --sq-quote"]

Signed-off-by: Mark Lodato <lodatom@gmail.com>
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information...
commit d3d7d47e6e0c3077fa39ffcca2b7f5f48ea97812 1 parent 45c58ba
@MarkLodato MarkLodato authored gitster committed
Showing with 15 additions and 0 deletions.
  1. +1 −0  git-svn.perl
  2. +14 −0 t/t9138-git-svn-authors-prog.sh
View
1  git-svn.perl
@@ -2810,6 +2810,7 @@ sub other_gs {
sub call_authors_prog {
my ($orig_author) = @_;
+ $orig_author = command_oneline('rev-parse', '--sq-quote', $orig_author);
my $author = `$::_authors_prog $orig_author`;
if ($? != 0) {
die "$::_authors_prog failed with exit code $?\n"
View
14 t/t9138-git-svn-authors-prog.sh
@@ -66,4 +66,18 @@ test_expect_success 'authors-file overrode authors-prog' '
)
'
+git --git-dir=x/.git config --unset svn.authorsfile
+git --git-dir=x/.git config --unset svn.authorsprog
+
+test_expect_success 'authors-prog handled special characters in username' '
+ svn mkdir -m bad --username "xyz; touch evil" "$svnrepo"/bad &&
+ (
+ cd x &&
+ git svn --authors-prog=../svn-authors-prog fetch &&
+ git rev-list -1 --pretty=raw refs/remotes/git-svn |
+ grep "^author xyz; touch evil <xyz; touch evil@example\.com> " &&
+ ! test -f evil
+ )
+'
+
test_done
Please sign in to comment.
Something went wrong with that request. Please try again.