You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Sviataslau Svirydau <Sv...@epam.com> on 2004/12/09 08:54:35 UTC
[Fwd: Re: [BUG] svn_load_dirs.pl does not quote filenames when running
shell]
Hello,
please look below for bug description and a patch
-------- Original Message --------
Subject: Re: [BUG] svn_load_dirs.pl does not quote filenames when
running shell
Date: 08 Dec 2004 11:05:16 -0600
From: kfogel@collab.net
To: Sviataslau Svirydau <Sv...@epam.com>
CC: users@subversion.tigris.org
Thanks for the bug report! Can you resend it to
dev@subversion.tigris.org?
(I'd apply it myself, but I suspect there will be more places that
need fixing, and hopefully someone with a bit more familiarity with
svn_load_dirs.pl can take a look.)
-Karl
Sviataslau Svirydau <Sv...@epam.com> writes:
> Hello,
>
> I've found a bug in svn_load_dirs.pl. It passes filenames to shell as
> is without quotation. This leads to fail if filename contain some
> special characters. In my case I had filename with brackets and
> svn_load_dirs.pl was failed when processing this file. I've managed to
> fix it for me (see patch below), though I'm not an expert in perl, so
> a solution might be not the best. Anyway, I think it's needed to quote
> filenames anywhere when shell is called (I've fixed it for me at only
> one place).
>
> PS I not subscribed to this list, so please CC me when answering
>
> PPS here is a patch:
>
> -----------------------------
> --- svn_load_dirs.pl~ 2004-12-07 17:49:19 +0200
> +++ svn_load_dirs.pl 2004-12-06 19:37:46 +0200
> @@ -1162,7 +1162,7 @@ while (defined (my $load_dir = &get_next
> keys %upd_files;
> foreach my $upd_file (@upd_files)
> {
> - my @command = ($svn, 'propget', 'svn:eol-style', $upd_file);
> + my @command = ($svn, 'propget', 'svn:eol-style',"\'$upd_file\'");
> my @lines = read_from_process(@command);
> next unless @lines;
> if (@lines > 1)
> -----------------------------
--
Best Regards,
Sviataslau Svirydau <Sviataslau_Svirydau at epam.com>
phone: +375 (17) 210 1662, ext. 1503
fax: +375 (17) 210 1168
mobile: +375 (29) 641 4214
--
Machines certainly can solve problems, store information, correlate,
and play games -- but not with pleasure.
-- Leo Rosten
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [Fwd: Re: [BUG] svn_load_dirs.pl does not quote filenames when
running shell]
Posted by Sviataslau Svirydau <Sv...@epam.com>.
Max Bowsher wrote:
>> Sviataslau Svirydau <Sv...@epam.com> writes:
>>
>>> Hello,
>>>
>>> I've found a bug in svn_load_dirs.pl. It passes filenames to shell as
>>> is without quotation. This leads to fail if filename contain some
>>> special characters. In my case I had filename with brackets and
>>> svn_load_dirs.pl was failed when processing this file. I've managed to
>>> fix it for me (see patch below), though I'm not an expert in perl, so
>>> a solution might be not the best. Anyway, I think it's needed to quote
>>> filenames anywhere when shell is called (I've fixed it for me at only
>>> one place).
>>>
>>> PS I not subscribed to this list, so please CC me when answering
>>>
>>> PPS here is a patch:
>>> <skipped>
>>
> Thankyou, but this patch is not OK.
>
> svn_load_dirs.pl already contains quoting logic and/or direct
> execution without a shell logic - it should work without this change!
> Hacking in an additional pair of quotes in one location is not an
> solution - we need to find out why the existing code isn't doing the
> job it is designed to do.
>
> Please tell us which OS you are using, and which version of
> svn_load_dirs.pl
>
Sorry for long delay,
I'm using linux.
I've found the place you mentioned and I'm using different patch now for
that:
==========================
--- contrib/client-side/svn_load_dirs.pl.in~ 2005-01-25 11:08:14 +0200
+++ contrib/client-side/svn_load_dirs.pl.in 2005-01-25 11:08:20 +0200
@@ -1462,7 +1462,7 @@ sub safe_read_from_pipe
{
# Munge the command to protect it from the command line
$command =~ s/\"/\\\"/g;
- if ($command =~ m"\s") { $command = "\"$command\""; }
+ if ($command =~ m"[\s()]") { $command = "\"$command\""; }
if ($command eq "") { $command = "\"\""; }
if ($command =~ m"\n")
{
==========================
The modification is to quote sctrings that contains braces.
However, I think that the most safe solution for unix shells is to quote
all strings and escape quotation marks. But I do not know how will it
work on other platforms.
--
Best Regards,
Sviataslau Svirydau <Sviataslau_Svirydau at epam.com>
phone: +375 (17) 210 1662, ext. 1503
fax: +375 (17) 210 1168
mobile: +375 (29) 641 4214
--
Sturgeon's Law:
90% of everything is crud.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [Fwd: Re: [BUG] svn_load_dirs.pl does not quote filenames when
running shell]
Posted by Sviataslau Svirydau <Sv...@epam.com>.
Max Bowsher wrote:
> Thankyou, but this patch is not OK.
>
> svn_load_dirs.pl already contains quoting logic and/or direct
> execution without a shell logic - it should work without this change!
> Hacking in an additional pair of quotes in one location is not an
> solution - we need to find out why the existing code isn't doing the
> job it is designed to do.
>
> Please tell us which OS you are using, and which version of
> svn_load_dirs.pl
It did not worl for me without hacking, though I know a about perl
almost nothing, and it was the only solution I've found. I did not tried
to analyse logic of program, I needed just a quick solution :)
I use Linux, subversion is 1.1.1.
svn_load_dirs.pl has such header:
# $HeadURL:
http://svn.collab.net/repos/svn/branches/1.1.x/contrib/client-side/svn_load_dirs.pl.in
$
# $LastChangedDate: 2004-06-15 00:39:22 -0400 (Tue, 15 Jun 2004) $
# $LastChangedBy: breser $
# $LastChangedRevision: 10000 $
--
Best Regards,
Sviataslau Svirydau <Sviataslau_Svirydau at epam.com>
phone: +375 (17) 210 1662, ext. 1503
fax: +375 (17) 210 1168
mobile: +375 (29) 641 4214
--
we:
The single most important word in the world.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [Fwd: Re: [BUG] svn_load_dirs.pl does not quote filenames when running shell]
Posted by Max Bowsher <ma...@ukf.net>.
> Sviataslau Svirydau <Sv...@epam.com> writes:
>> Hello,
>>
>> I've found a bug in svn_load_dirs.pl. It passes filenames to shell as
>> is without quotation. This leads to fail if filename contain some
>> special characters. In my case I had filename with brackets and
>> svn_load_dirs.pl was failed when processing this file. I've managed to
>> fix it for me (see patch below), though I'm not an expert in perl, so
>> a solution might be not the best. Anyway, I think it's needed to quote
>> filenames anywhere when shell is called (I've fixed it for me at only
>> one place).
>>
>> PS I not subscribed to this list, so please CC me when answering
>>
>> PPS here is a patch:
>>
>> -----------------------------
>> --- svn_load_dirs.pl~ 2004-12-07 17:49:19 +0200
>> +++ svn_load_dirs.pl 2004-12-06 19:37:46 +0200
>> @@ -1162,7 +1162,7 @@ while (defined (my $load_dir = &get_next
>> keys %upd_files;
>> foreach my $upd_file (@upd_files)
>> {
>> - my @command = ($svn, 'propget', 'svn:eol-style', $upd_file);
>> + my @command = ($svn, 'propget',
>> 'svn:eol-style',"\'$upd_file\'"); my @lines =
>> read_from_process(@command); next unless @lines;
>> if (@lines > 1)
>> -----------------------------
Thankyou, but this patch is not OK.
svn_load_dirs.pl already contains quoting logic and/or direct execution
without a shell logic - it should work without this change!
Hacking in an additional pair of quotes in one location is not an solution -
we need to find out why the existing code isn't doing the job it is designed
to do.
Please tell us which OS you are using, and which version of svn_load_dirs.pl
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org