archimport: use safe_pipe_capture for user input

Refnames can contain shell metacharacters which need to be passed verbatim to sub-processes. Using safe_pipe_capture skips the shell entirely. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitster · Sep 12, 2017 · 8d0fad0 · 8d0fad0
1 parent 4d4165b
commit 8d0fad0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/git-archimport.perl b/git-archimport.perl
@@ -983,7 +983,7 @@ sub find_parents {
 	# check that we actually know about the branch
 	next unless -e "$git_dir/refs/heads/$branch";
 
-	my $mergebase = `git-merge-base $branch $ps->{branch}`;
+	my $mergebase = safe_pipe_capture(qw(git-merge-base), $branch, $ps->{branch});
 	if ($?) {
 	    # Don't die here, Arch supports one-way cherry-picking
 	    # between branches with no common base (or any relationship
@@ -1074,7 +1074,7 @@ sub find_parents {
 
 sub git_rev_parse {
     my $name = shift;
-    my $val  = `git-rev-parse $name`;
+    my $val  = safe_pipe_capture(qw(git-rev-parse), $name);
     die "Error: git-rev-parse $name" if $?;
     chomp $val;
     return $val;