subversion-dev mailing list archives

From Daniel Shahaf <...@daniel.shahaf.name>
Subject shelves: system("diffstat -p0 %s")
Date Fri, 09 Feb 2018 17:12:46 GMT

shelve-cmd.c and shelf-cmd.c contain these pieces of code:

          if (diffstat)
            {
    #ifndef WIN32
              int result = system(apr_psprintf(scratch_pool,
                                               "diffstat -p0 %s 2> /dev/null",
                                               info->patch_path));
              if (result == 0)
                SVN_ERR(svn_cmdline_printf(scratch_pool,
                                           "\n"));
    #endif
            }

    /* Print some details of the changes in the patch described by INFO.
     */
    static svn_error_t *
    show_diffstat(svn_client_shelf_version_t *shelf_version,
                  apr_pool_t *scratch_pool)
    {
    #ifndef WIN32
      const char *patch_abspath;
      int result;

      SVN_ERR(svn_client_shelf_get_patch_abspath(&patch_abspath, shelf_version,
                                                 scratch_pool));
      result = system(apr_psprintf(scratch_pool,
                                   "diffstat -p0 '%s' 2> /dev/null",
                                   patch_abspath));
      if (result == 0)
        SVN_ERR(svn_cmdline_printf(scratch_pool, "\n"));
    #endif
      return SVN_NO_ERROR;
    }

Neither of these calls correctly quotes the path that's interpolated
into the command line.  Consequently, the wcroot_abspath would be
executed as shell commands.  Could that be fixed please?

Cheers,

Daniel
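
One way to avoid the quoting problem reported above is to skip the shell entirely and pass the patch path as a single argv element. The following is an added example, not part of the original message and not Subversion code; `run_no_shell` and `diffstat_no_shell` are hypothetical names, and the sample path is constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with the given arguments without involving a shell, so no
   byte in any argument is interpreted as shell syntax.  Returns the exit
   status (127 if the tool could not be executed), or -1 on fork/wait
   failure or abnormal termination. */
static int run_no_shell(const char *const argv[])
{
  int status;
  pid_t pid = fork();

  if (pid < 0)
    return -1;
  if (pid == 0)
    {
      /* Same effect as "2> /dev/null" in the original command string. */
      int fd = open("/dev/null", O_WRONLY);
      if (fd >= 0)
        {
          dup2(fd, STDERR_FILENO);
          close(fd);
        }
      execvp(argv[0], (char *const *)argv);
      _exit(127);  /* exec failed, e.g. the tool is not installed */
    }
  if (waitpid(pid, &status, 0) < 0)
    return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical stand-in for system("diffstat -p0 %s 2> /dev/null"):
   the path is one argument regardless of spaces or quotes in it. */
static int diffstat_no_shell(const char *patch_abspath)
{
  const char *const argv[] = { "diffstat", "-p0", patch_abspath, NULL };
  return run_no_shell(argv);
}

int main(void)
{
  /* Constructed path: the quote and spaces defeat both '%s' and %s. */
  const char *path = "/tmp/it's a shelf.patch";
  printf("diffstat exit status: %d\n", diffstat_no_shell(path));
  return 0;
}
```

Because the path is an absolute path it cannot begin with `-`, so it is not mistaken for an option; a relative path would need that checked separately.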
