Permalink
Browse files

patch 8.0.0442: patch shell command not well escaped

Problem:    Patch shell command uses double quotes around the argument, which
            allows for $HOME to be expanded. (Etienne)
Solution:   Use single quotes on Unix. (closes #1543)
  • Loading branch information...
brammool committed Mar 9, 2017
1 parent ad2cfb5 commit 1ef73e33c9414eb02c229d8234aafd9d481a8856
Showing with 22 additions and 4 deletions.
  1. +6 −1 src/diff.c
  2. +14 −3 src/testdir/test_diffmode.vim
  3. +2 −0 src/version.c
View
@@ -977,7 +977,12 @@ ex_diffpatch(exarg_T *eap)
{
/* Build the patch command and execute it. Ignore errors. Switch to
* cooked mode to allow the user to respond to prompts. */
- vim_snprintf((char *)buf, buflen, "patch -o %s %s < \"%s\"",
+ vim_snprintf((char *)buf, buflen,
+#ifdef UNIX
+ "patch -o %s %s < '%s'",
+#else
+ "patch -o %s %s < \"%s\"",
+#endif
tmp_new, tmp_orig,
# ifdef UNIX
fullname != NULL ? fullname :
@@ -318,9 +318,20 @@ func Test_diffpatch()
bwipe!
new
call assert_fails('diffpatch Xpatch', 'E816:')
- call setline(1, ['1', '2', '3'])
- diffpatch Xpatch
- call assert_equal(['1', '2x', '3', '4'], getline(1, '$'))
+
+ for name in ['Xpatch', 'Xpatch$HOME']
+ call setline(1, ['1', '2', '3'])
+ if name != 'Xpatch'
+ call rename('Xpatch', name)
+ endif
+ exe 'diffpatch ' . escape(name, '$')
+ call assert_equal(['1', '2x', '3', '4'], getline(1, '$'))
+ if name != 'Xpatch'
+ call rename(name, 'Xpatch')
+ endif
+ bwipe!
+ endfor
+
call delete('Xpatch')
bwipe!
endfunc
View
@@ -764,6 +764,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 442,
/**/
441,
/**/

0 comments on commit 1ef73e3

Please sign in to comment.