Re: flaw in python bindings diff?

From: <gstein_at_collab.net>
Date: 2003-01-27 19:55:14 CET

On Mon, Jan 27, 2003 at 10:31:22AM -0600, cmpilato@collab.net wrote:
Michael Kefeder mike@weird-birds.org writes:
...
  Where i'd like to vote for the svn-bindings. Because i think there's
  a flaw within fs.py in FileDiff::get_pipe(). The diffoptions (passed
  to FileDiff constructor) are string.split() which can result into
  strange behaviour because split() uses all whitespace characters for
  splitting if not told otherwise.

Ah...looks like Greg Stein busted this when he converted to popen2 in
revision 4343 (strangely enough because he claimed it fixed diffs on
files with spaces in them). Greg, can you help out a bit here?

Switching to popen2 meant that I passed a filename as a separate
argument, which fixes the spaces. I forgot that a filename might be
part of those diffoptions.

Yes, passing a list as the diffoptions is the best behavior.

The reason to use popen2.popen2() is for security. The shell never
sees the command string; we just directly exec() the new process with
the right arguments. In the standard popen(), that goes to the shell
which can then parse for redirections and whatnot -- major security
nightmare.

Cheers,
-g

-- 
Greg Stein, Director of Software Engineering
CollabNet, Inc.  http://www.collab.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sat Oct 14 02:20:09 2006

This message: [ Message body ]
Next message: cmpilato_at_collab.net: "Re: flaw in python bindings diff?"
Previous message: garret_at_globalmentor.com: "Re: Subversion stops working"
Next in thread: cmpilato_at_collab.net: "Re: flaw in python bindings diff?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]