Re: [PATCH] gitweb: fix support for repository directories with spaces

Lea Wiemann <lewiemann@xxxxxxxxx> writes:

> git_cmd_str does not quote the directory names without this patch.
> 
> Signed-off-by: Lea Wiemann <LeWiemann@xxxxxxxxx>
> ---
> git_cmd_str is really really bad from a security POV: Where it is
> used, command lines are passed to the shell, which (I believe) just
> *happen* to open no security holes.  Hence the function should
> ultimately go away.  However, let's make the tests work for the
> meantime while it's still there.

I'd like to do away with the need for git_cmd_str(), but unfortunately it
is needed in a place where git has to form a pipeline, namely in
creating an externally compressed snapshot (in git_snapshot), and to
redirect stderr to /dev/null in git_object.

Perhaps we could simply do without the second, but this pipeline is here
to stay (there was a pipeline in git-search, but it was replaced by
invoking git-log instead of a rev-list | diff-tree pipeline).  And it is
not easy to create a pipeline using some variant of the list form of open;
if you search the git mailing list archive you can find an aborted (RFC only)
attempt to create a pipeline safely:
  http://thread.gmane.org/gmane.comp.version-control.git/76566

If you are extending Git.pm (please do not forget to Cc Petr Baudis, as it
is mainly his code) for gitweb, you can try to add this.  It doesn't
have to be very generic...
-- 
Jakub Narebski
Poland
ShadeHawk on #git
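
The two uses of git_cmd_str() discussed above (a producer piped into an external compressor, and stderr sent to /dev/null) can both be done without a shell using pipe/fork/exec with argument lists. The following is an added example, not part of the original message and not gitweb or Git.pm code; `run_pipeline` is a hypothetical name, `tar` and `gzip` stand in for the archive producer and the compressor, and the directory name is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Run "@$producer | @$filter" without a shell; return the filter's stdout.
# Both commands are argument lists, so a path containing spaces or shell
# metacharacters reaches the program as one argument, unparsed.
sub run_pipeline {
    my ($producer, $filter) = @_;
    pipe(my $mid_r, my $mid_w) or die "pipe: $!";

    my $pid1 = fork();
    die "fork: $!" unless defined $pid1;
    if ($pid1 == 0) {                       # child 1: the producer
        close $mid_r;
        open(STDOUT, '>&', $mid_w)     or die "dup stdout: $!";
        open(STDERR, '>', '/dev/null') or die "open /dev/null: $!";
        exec { $producer->[0] } @$producer or die "exec: $!";
    }
    close $mid_w;    # parent must drop the write end or the filter never sees EOF

    my $pid2 = open(my $out, '-|');         # fork; child's STDOUT feeds $out
    die "fork: $!" unless defined $pid2;
    if ($pid2 == 0) {                       # child 2: the filter
        open(STDIN, '<&', $mid_r) or die "dup stdin: $!";
        exec { $filter->[0] } @$filter or die "exec: $!";
    }
    close $mid_r;

    binmode $out;
    my $data = do { local $/; <$out> };
    close $out;                             # reaps child 2, sets $?
    my $filter_status = $?;
    waitpid($pid1, 0);                      # reaps child 1, sets $?
    die "pipeline failed\n" if $filter_status || $?;
    return $data;
}

# Constructed demo input: a directory whose name would break a shell string.
my $dir = tempdir(CLEANUP => 1) . '/my repo; echo injected';
mkdir $dir or die "mkdir: $!";
open(my $fh, '>', "$dir/README") or die "open: $!";
print $fh "hello\n";
close $fh;

my $gz = run_pipeline(['tar', '-cf', '-', '-C', $dir, '.'], ['gzip', '-c']);
printf "compressed archive: %d bytes\n", length $gz;
```

Because both exit statuses are checked, a failing producer is reported even though its stderr is discarded.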