git-gui: treat file names beginning with "|" as relative paths
The Tcl 'open' function has a very wide interface. It can open files as well as pipes to external processes. The difference is made only by the first character of the file name: if it is "|", a process is spawned. We have a number of calls of Tcl 'open' that take a file name from the environment in which Git GUI is running. Be prepared that insane values are injected. In particular, when we intend to open a file, do not take a file name that happens to begin with "|" as a request to run a process. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Taylor Blau <me@ttaylorr.com>
This commit is contained in:
Johannes Sixt
committed by
Taylor Blau
Taylor Blau
parent
8255167b26
commit
c2e8904258
@@ -225,7 +225,7 @@ A good commit message has the following format:
|
||||
# -- Build the message file.
|
||||
#
|
||||
set msg_p [gitdir GITGUI_EDITMSG]
|
||||
set msg_wt [open $msg_p w]
|
||||
set msg_wt [safe_open_file $msg_p w]
|
||||
fconfigure $msg_wt -translation lf
|
||||
setup_commit_encoding $msg_wt
|
||||
puts $msg_wt $msg
|
||||
@@ -409,7 +409,7 @@ A rescan will be automatically started now.
|
||||
if {$commit_type ne {normal}} {
|
||||
append reflogm " ($commit_type)"
|
||||
}
|
||||
set msg_fd [open $msg_p r]
|
||||
set msg_fd [safe_open_file $msg_p r]
|
||||
setup_commit_encoding $msg_fd 1
|
||||
gets $msg_fd subject
|
||||
close $msg_fd
|
||||
|
||||
Reference in New Issue
Block a user