>>>>> "Alex" == Alex Riesen <raa.lkml@xxxxxxxxx> writes:

Alex> Is $tmpname safe?

>> - my $sha = <$F>;
>> + my $sha = qx{git-hash-object -w $name};
>> + !$? or exit $?;

Alex> Is $name safe?

>> - while(<$f>) {
>> + foreach (qx{git-ls-tree -r -z $gitrev $srcpath}) {
>> chomp;

Alex> Is $srcpath safe?

>> - while(<$F>) {
>> + foreach (qx{git-ls-files -z @o1}) {

Alex> @o1 must contain filenames. Can be dangerous

Convert all of these to use "safe_qx" (perl 5.6 compatible):

    sub safe_qx {
      # fork with a pipe from the child's stdout back to us
      defined (my $pid = open my $kid, "-|") or die "Cannot fork: $!";
      unless ($pid) { # child does:
        exec @_;      # list form: no shell unless only one arg is given
        die "Cannot exec @_: $!";
      }
      my $result = do { local $/; <$kid> };  # slurp everything the child wrote
      close $kid; # sets $?
      return $result;
    }

    my $result = safe_qx('some shell command');
    my $other_result = safe_qx('git-ls-tree', '-r', '-z', $gitrev, $srcpath);

Args are safe, as if being passed to system/exec, so a single arg can be
a shell command, multiargs are passed arg-by-arg to a single exec target.
$? is set correctly.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@xxxxxxxxxxxxxx> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
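Review bot: In the git-hash-object hunk, "!$? or exit $?" passes the raw wait status to exit: after qx{} a child that exited 1 leaves $? == 256, and exit() keeps only the low 8 bits, so the script would report success to its caller. Use exit($? >> 8) (or die with the status in the message). The same hunk interpolates $name into a shell command line, so a name with whitespace or shell metacharacters is split or interpreted by /bin/sh; passing ('git-hash-object', '-w', $name) as a list avoids the shell.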
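Review bot: In the git-ls-tree hunk, "foreach (qx{git-ls-tree -r -z $gitrev $srcpath})" both interpolates $gitrev and $srcpath through the shell and relies on list-context qx{} splitting on $/; with -z the records are NUL-terminated, so this only iterates correctly if $/ is "\0" at that point, which the hunk does not show. With a list-form replacement that returns one scalar, split the result on "\0" explicitly rather than looping over lines.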
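Review bot: In the git-ls-files hunk, "qx{git-ls-files -z @o1}" joins the filenames with spaces into a single shell string, so any entry containing whitespace, quotes or glob characters is re-split or expanded before git-ls-files sees it. Pass the array as separate arguments to exec instead, e.g. safe_qx('git-ls-files', '-z', @o1), which keeps every element of @o1 as one argv entry.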
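As an added illustration (not code from the message or from git's own scripts), assuming a POSIX system with printf and sh on PATH: the safe_qx proposed above, run against a constructed path containing a space and a glob character so that the difference between interpolating into qx{} and passing a list to exec is visible, plus the splitting of -z style output and the extraction of the exit code from $?.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# safe_qx as proposed in the message: fork, exec the argument list directly
# (no /bin/sh unless only one argument is given), read the child's stdout
# to EOF, and let close() set $? the way qx{} would.
sub safe_qx {
    defined(my $pid = open my $kid, "-|") or die "Cannot fork: $!";
    unless ($pid) {          # child
        exec @_;
        die "Cannot exec @_: $!";
    }
    my $result = do { local $/; <$kid> };
    close $kid;              # sets $?
    return $result;
}

# Constructed path: the space and '*' are exactly what /bin/sh would
# mangle if the name were interpolated into a command string.
my $srcpath = 'src/My Files*';

# qx{} hands the interpolated string to /bin/sh, which word-splits it at
# the space and attempts to glob '*', so printf receives two arguments.
my $via_shell = qx{printf '%s\\n' $srcpath};
print "qx:      ", join(' | ', split /\n/, $via_shell), "\n";

# safe_qx passes $srcpath as a single argv element; no shell is involved,
# so printf receives the path unchanged.
my $via_exec = safe_qx('printf', '%s\n', $srcpath);
print "safe_qx: ", join(' | ', split /\n/, $via_exec), "\n";

# git's -z output is NUL-terminated, so split the returned scalar on "\0"
# instead of iterating over lines; emulated here with printf.
my @records = split /\0/, safe_qx('printf', '%s\0', 'a.c', 'dir/b c.h');
print "records: ", join(', ', @records), "\n";

# $? is the wait status; the child's exit code lives in the high byte.
safe_qx('sh', '-c', 'exit 3');
my $code = $? >> 8;
print "exit code: $code\n";
```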