[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Fwd: Re: [BUG] svn_load_dirs.pl does not quote filenames when running shell]

From: Sviataslau Svirydau <Sviataslau_Svirydau_at_epam.com>
Date: 2005-03-04 13:55:31 CET

Max Bowsher wrote:

>> Sviataslau Svirydau <Sviataslau_Svirydau@epam.com> writes:
>>
>>> Hello,
>>>
>>> I've found a bug in svn_load_dirs.pl. It passes filenames to shell as
>>> is without quotation. This leads to fail if filename contain some
>>> special characters. In my case I had filename with brackets and
>>> svn_load_dirs.pl was failed when processing this file. I've managed to
>>> fix it for me (see patch below), though I'm not an expert in perl, so
>>> a solution might be not the best. Anyway, I think it's needed to quote
>>> filenames anywhere when shell is called (I've fixed it for me at only
>>> one place).
>>>
>>> PS I not subscribed to this list, so please CC me when answering
>>>
>>> PPS here is a patch:
>>> <skipped>
>>
> Thankyou, but this patch is not OK.
>
> svn_load_dirs.pl already contains quoting logic and/or direct
> execution without a shell logic - it should work without this change!
> Hacking in an additional pair of quotes in one location is not an
> solution - we need to find out why the existing code isn't doing the
> job it is designed to do.
>
> Please tell us which OS you are using, and which version of
> svn_load_dirs.pl
>
Sorry for long delay,
I'm using linux.
I've found the place you mentioned and I'm using different patch now for
that:

==========================
--- contrib/client-side/svn_load_dirs.pl.in~ 2005-01-25 11:08:14 +0200
+++ contrib/client-side/svn_load_dirs.pl.in 2005-01-25 11:08:20 +0200
@@ -1462,7 +1462,7 @@ sub safe_read_from_pipe
             {
               # Munge the command to protect it from the command line
               $command =~ s/\"/\\\"/g;
- if ($command =~ m"\s") { $command = "\"$command\""; }
+ if ($command =~ m"[\s()]") { $command = "\"$command\""; }
               if ($command eq "") { $command = "\"\""; }
               if ($command =~ m"\n")
                 {
==========================

The modification is to quote sctrings that contains braces.
However, I think that the most safe solution for unix shells is to quote
all strings and escape quotation marks. But I do not know how will it
work on other platforms.

-- 
Best Regards,
Sviataslau Svirydau <Sviataslau_Svirydau at epam.com>
phone:  +375 (17) 210 1662, ext. 1503
fax:    +375 (17) 210 1168
mobile: +375 (29) 641 4214
-- 
Sturgeon's Law:
	90% of everything is crud.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Mar 6 04:59:42 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.