Bastiaan Veelo wrote on Sat, May 04, 2013 at 22:58:52 +0200:
> # Heuristics to determine if a file is binary.
> #
> # Take the paranoid approach: everything is binary unless otherwise
> # stated. If svn:eol-style is set, it is text. If svn:mime-type is
> # text/*, it is text. A configurable file glob list (extensions, *.txt,
> # etc.) of files that are text (defined on the command line).
> sub file_is_binary {
>     my $file = shift;
>     if (has_svn_property($file, "svn:eol-style")) {
>         return 0;
>     }
>     if (has_svn_property($file, "svn:mime-type")) {
>         my ($mimetype) = read_from_process("$svnlook propget $flag $value $repos svn:mime-type \"$file\"");
That's a major security hole: an authenticated committer is able to run
arbitrary commands in the context of the OS user whom the commit process
runs as. (In particular, they can run 'rm -rf $repos' if they guess the
path to $repos.)
You need to escape $file properly. Probably by using the N-arguments
syntax of system() or open(), plus a '--' sentinel in svnlook's argv.
Received on 2013-05-05 02:10:54 CEST
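The fix the reply suggests, written out as an added example (not code from the original hook or from Subversion): the list form of open() hands svnlook its arguments without a shell, and a '--' sentinel keeps a path that begins with '-' from being parsed as an option. It assumes svnlook's propget takes the flag (-t or -r), its value, the repository path, the property name and then the path, as in the quoted call; the demonstration swaps in printf for svnlook so it runs without a repository.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not the original hook's code: run a program with an
# explicit argv list. Because no shell parses the command line, a file
# name containing quotes, ';' or '$' reaches the child as one argument.
sub run_argv {
    my @argv = @_;
    open(my $fh, '-|', @argv) or die "cannot exec $argv[0]: $!";
    my @lines = <$fh>;
    # For a piped open, close() returns false on a non-zero exit status.
    close($fh) or die "$argv[0] exited with status " . ($? >> 8);
    chomp @lines;
    return @lines;
}

# Hardened version of the quoted svnlook call. $svnlook, $flag ('-t' or
# '-r'), $value and $repos are the hook's own variables (assumed here).
sub svn_mime_type {
    my ($svnlook, $flag, $value, $repos, $file) = @_;
    # '--' ends option parsing, so a path beginning with '-' is still a path.
    my ($mimetype) = run_argv($svnlook, 'propget', $flag, $value, $repos,
                              'svn:mime-type', '--', $file);
    return $mimetype;
}

# Demonstration with printf standing in for svnlook: each argv element is
# printed in its own brackets, so a hostile (constructed) file name shows
# up as one literal argument rather than as extra shell commands.
my $hostile = q{trunk/a.txt"; echo INJECTED; "};
for my $line (run_argv('printf', '[%s]\n', 'propget', '--', $hostile)) {
    print "$line\n";
}
```

Compare with the quoted read_from_process call, where the same $hostile value is interpolated into a single string that a shell then splits and executes.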