On Sub, 31 August 2008, Avery Pennarun wrote:
> On Sun, Aug 31, 2008 at 12:27 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>> merlyn@xxxxxxxxxxxxxx (Randal L. Schwartz) writes:
>>
>>>>>>>> "Avery" == Avery Pennarun <apenwarr@xxxxxxxxx> writes:
>>>
>>> Avery> Shell quoting is a disaster (including security holes, where relevant)
>>> Avery> waiting to happen. The above is the only sane way to do it, and it
>>> Avery> isn't very hard to implement. (Instead of system() in the subprocess,
>>> Avery> you can use exec().)
>>>
>>> quotemeta() is about regex quoting. This is not precisely the same as shell
>>> quoting, and is both misleading, and potentially broken.
>>
>> Agreed to, and grateful for, both of your comments.
>>
>> Do you like the one Jakub quoted from how gitweb does it? It looks like
>> this:
>>
>> # quote the given arguments for passing them to the shell
>> # quote_command("command", "arg 1", "arg with ' and ! characters")
>> # => "'command' 'arg 1' 'arg with '\'' and '\!' characters'"
>> # Try to avoid using this function wherever possible.
>> sub quote_command {
>> return join(' ',
>> map( { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ ));
>> }
>
> No, that's just another feeble attempt at quoting, which may or may
> not be correct. I'm not smart enough to tell.
First, according to POSIX, for POSIX-compatibile shells we should have:
2. Shell Command Language
2.2 Quoting
2.2.2 Single-Quotes
Enclosing characters in single-quotes ( '' ) shall preserve the literal
value of each character within the single-quotes. A single-quote cannot
occur within single-quotes.
http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_02_02
So that is why single quote "'" must be escaped as "I'am" -> 'I'\''am'
(' -> '\'', i.e. close quote, escaped ' = \', (re-)open quote).
Second, as Lea Wrote in commit message for 516381d5:
gitweb: quote commands properly when calling the shell
This eliminates the function git_cmd_str, which was used for composing
command lines, and adds a quote_command function, which quotes all of
its arguments (as in quote.c).
We have to go to quote.c to get to know why "!" is a special case too,
in addition to "'". The commit message for 77d604c3 (by H. Peter Anvin,
which is CC-ed) states:
Create function to sq_quote into a buffer
Handle !'s for csh-based shells
> I have a proper implementation in the 'runlock' script in gitbuilder:
>
> http://github.com/apenwarr/gitbuilder/tree/master/runlock
>
> In that particular case, I wanted to handle signals carefully, so I
> needed the manual fork thing even in perl 5.8. You can safely remove
> the signal handling stuff (and of course the lockfile stuff) if you
> just want a minimal safe fork-exec-wait implementation in perl.
But if we go this way, i.e. fork+exec (perhaps implicit fork), why do
not simply use appropriate commands from Git.pm (Git::Repo doesn't
have it yet, IIRC). As far as I remember Git.pm was created initially
to unify all different "safe_pipe" and "safe_cmd" implementations among
different Perl scripts in Git (Petr "Pasky" Baudis CC-ed).
--
Jakub Narebski
Poland
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
