aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2017-09-11 10:24:11 -0400
committerJunio C Hamano <gitster@pobox.com>2017-09-12 11:08:15 +0900
commit8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26 (patch)
tree6e975ad2e67ec9cd0d4cc88a3695970a031e5d23
parent4d4165b80d6b91a255e2847583bd4df98b5d54e1 (diff)
downloadgit-8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26.tar.gz
git-8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26.tar.xz
archimport: use safe_pipe_capture for user input
Refnames can contain shell metacharacters which need to be passed verbatim to sub-processes. Using safe_pipe_capture skips the shell entirely. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rwxr-xr-xgit-archimport.perl4
1 files changed, 2 insertions, 2 deletions
diff --git a/git-archimport.perl b/git-archimport.perl
index 9cb123a07..b7c173c34 100755
--- a/git-archimport.perl
+++ b/git-archimport.perl
@@ -983,7 +983,7 @@ sub find_parents {
# check that we actually know about the branch
next unless -e "$git_dir/refs/heads/$branch";
- my $mergebase = `git-merge-base $branch $ps->{branch}`;
+ my $mergebase = safe_pipe_capture(qw(git-merge-base), $branch, $ps->{branch});
if ($?) {
# Don't die here, Arch supports one-way cherry-picking
# between branches with no common base (or any relationship
@@ -1074,7 +1074,7 @@ sub find_parents {
sub git_rev_parse {
my $name = shift;
- my $val = `git-rev-parse $name`;
+ my $val = safe_pipe_capture(qw(git-rev-parse), $name);
die "Error: git-rev-parse $name" if $?;
chomp $val;
return $val;