提交 516381d5 编写于 作者: L Lea Wiemann 提交者: Junio C Hamano

gitweb: quote commands properly when calling the shell

This eliminates the function git_cmd_str, which was used for composing
command lines, and adds a quote_command function, which quotes all of
its arguments (as in quote.c).
Signed-off-by: Lea Wiemann <LeWiemann@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
上级 79c6dca4
...@@ -1500,9 +1500,13 @@ sub git_cmd { ...@@ -1500,9 +1500,13 @@ sub git_cmd {
return $GIT, '--git-dir='.$git_dir; return $GIT, '--git-dir='.$git_dir;
} }
# returns path to the core git executable and the --git-dir parameter as string # quote the given arguments for passing them to the shell
sub git_cmd_str { # quote_command("command", "arg 1", "arg with ' and ! characters")
return join(' ', git_cmd()); # => "'command' 'arg 1' 'arg with '\'' and '\!' characters'"
# Try to avoid using this function wherever possible.
sub quote_command {
return join(' ',
map( { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ ));
} }
# get HEAD ref of given project as hash # get HEAD ref of given project as hash
...@@ -4633,7 +4637,6 @@ sub git_snapshot { ...@@ -4633,7 +4637,6 @@ sub git_snapshot {
$hash = git_get_head_hash($project); $hash = git_get_head_hash($project);
} }
my $git_command = git_cmd_str();
my $name = $project; my $name = $project;
$name =~ s,([^/])/*\.git$,$1,; $name =~ s,([^/])/*\.git$,$1,;
$name = basename($name); $name = basename($name);
...@@ -4641,11 +4644,12 @@ sub git_snapshot { ...@@ -4641,11 +4644,12 @@ sub git_snapshot {
$name =~ s/\047/\047\\\047\047/g; $name =~ s/\047/\047\\\047\047/g;
my $cmd; my $cmd;
$filename .= "-$hash$known_snapshot_formats{$format}{'suffix'}"; $filename .= "-$hash$known_snapshot_formats{$format}{'suffix'}";
$cmd = "$git_command archive " . $cmd = quote_command(
"--format=$known_snapshot_formats{$format}{'format'} " . git_cmd(), 'archive',
"--prefix=\'$name\'/ $hash"; "--format=$known_snapshot_formats{$format}{'format'}",
"--prefix=$name/", $hash);
if (exists $known_snapshot_formats{$format}{'compressor'}) { if (exists $known_snapshot_formats{$format}{'compressor'}) {
$cmd .= ' | ' . join ' ', @{$known_snapshot_formats{$format}{'compressor'}}; $cmd .= ' | ' . quote_command(@{$known_snapshot_formats{$format}{'compressor'}});
} }
print $cgi->header( print $cgi->header(
...@@ -4858,8 +4862,8 @@ sub git_object { ...@@ -4858,8 +4862,8 @@ sub git_object {
if ($hash || ($hash_base && !defined $file_name)) { if ($hash || ($hash_base && !defined $file_name)) {
my $object_id = $hash || $hash_base; my $object_id = $hash || $hash_base;
my $git_command = git_cmd_str(); open my $fd, "-|", quote_command(
open my $fd, "-|", "$git_command cat-file -t $object_id 2>/dev/null" git_cmd(), 'cat-file', '-t', $object_id) . ' 2> /dev/null'
or die_error('404 Not Found', "Object does not exist"); or die_error('404 Not Found', "Object does not exist");
$type = <$fd>; $type = <$fd>;
chomp $type; chomp $type;
......
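Review bot: The unchanged context line `$name =~ s/\047/\047\\\047\047/g;` in git_snapshot still pre-escapes single quotes in `$name`, but the new code passes `"--prefix=$name/"` through quote_command, which escapes them a second time. For a project name containing `'`, the shell would then hand git archive a prefix holding a literal `'\''` sequence instead of the original name. This is a correctness problem rather than an injection, because quote_command still quotes the whole argument. Now that quoting is centralised in quote_command, I would drop that substitution line so `$name` is escaped exactly once. git_snapshot starts and ends outside these hunks, so confirm `$name` has no other shell use further down before removing it.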