Jens Peter Secher wrote:
> Thanks for the bug report.
>
> I am considering applying the following fix:
>
> if( "$realfile" =~ m/[\r\n\f<>`\$]/ ) {
> if(!$opt_q)
> { print "Skipping non-sane filename '$realfile'\n";}
> @diff = (@diff, "Non-sane: '$realfile'\n");
> next;
> }
>
> for outright rejecting weird filenames. Can you come up with other
> problematic characters in filenames?
Thanks for the reply.
Andrzej Lemieszek (in CC) found a few more, and he escaped them, so using rcs
should be safe too.
His patch:
--- changetrack.orig 2009-09-16 17:59:55.000000000 +0200
+++ changetrack 2009-09-16 18:00:01.000000000 +0200
@@ -224,6 +224,10 @@
}
$yestfile = $compfile . ".yesterday"; # stores current data
+ my $yestfile_esc = &escape_shell_chars ($yestfile);
+ my $realfile_esc = &escape_shell_chars ($realfile);
+ my $compfile_esc = &escape_shell_chars ($compfile);
+
if( ! -r "$yestfile" ) { # can't open yesterday, doesn't
exist.
@diff = (@diff, "New file $realfile\n");
if($opt_e) {
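Review bot: the three `_esc` copies added at the top of this hunk are only valid inside strings handed to a shell, and neither a comment nor the naming says so; the `-r "$yestfile"` test directly below correctly keeps the raw name. A one-line comment stating that the `_esc` variables must not be passed to Perl file operators or written into reports would prevent later mix-ups. The `&escape_shell_chars (...)` call form is also old-style Perl; `escape_shell_chars($yestfile)` is the usual spelling.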
@@ -243,12 +247,12 @@
printf STAT "%o\n%s\n%s\n", $filemode, $fileuid, $filegid;
close(STAT);
if(!$opt_r) {
- `cp $realfile $compfile`;
+ `cp $realfile_esc $compfile_esc`;
chdir($historypath);
- `co $rcs_quiet $compfile`; # hack to make rcs work.
- system("rcs $rcs_quiet -i -t-'this is $realfile' $compfile");
- `rcs $rcs_quiet -U $compfile`;
- `rm $compfile -f`;
+ `co $rcs_quiet $compfile_esc`; # hack to make rcs work.
+ system("rcs $rcs_quiet -i -t-'this is $realfile_esc'
$compfile_esc");
+ `rcs $rcs_quiet -U $compfile_esc`;
+ `rm $compfile_esc -f`;
}
}
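Review bot: in the `rcs ... -t-'this is $realfile_esc'` line the escaped name sits inside single quotes, where the shell treats a backslash as an ordinary character, so a `'` in the filename still ends the quoted string and the other inserted backslashes end up in the RCS description text. Backslash escaping only works for unquoted words. Passing the arguments as a list, for example `system("rcs", "-i", "-t-this is $realfile", $compfile)` with the `$rcs_quiet` flag added when it is set, avoids the shell altogether; the same applies to the backtick `cp`, `co`, `rcs -U` and `rm` calls in this hunk.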
@@ -295,7 +299,10 @@
close(STAT);
}
- open(DIFF, "diff $diffargs $yestfile $realfile |") or die "Exiting:
can't run diff:$!\n";
+ if ($realfile_esc =~ /test/) {
+ print "$realfile_esc\n";
+ }
+ open(DIFF, "diff $diffargs $yestfile_esc $realfile_esc |") or die
"Exiting: can't run diff:$!\n";
if(!$opt_q) {
print "$realfile";};
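Review bot: the added `if ($realfile_esc =~ /test/) { print "$realfile_esc\n"; }` block looks like leftover debugging and should be dropped before this is applied; it prints any path containing "test" even when `$opt_q` asks for quiet output. For the `diff` pipe itself, the list form `open(DIFF, "-|", "diff", split(' ', $diffargs), $yestfile, $realfile)` would remove the need for escaping.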
@@ -314,7 +321,7 @@
close(DIFF);
if($diff) {
- open(DIFF, "diff -e $yestfile $realfile |") or die "Can't do diff
-e:$!\n";
+ open(DIFF, "diff -e $yestfile_esc $realfile_esc |") or die "Can't
do diff -e:$!\n";
# use -e to create ed commands
while(<DIFF>) {
@ed = (@ed,"$_"); # get the 'ed'-styled diffs.
No need to understand them.
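Review bot: this `diff -e` pipe has fixed options, so it is the easiest call in the patch to take off the shell entirely: `open(DIFF, "-|", "diff", "-e", $yestfile, $realfile)` runs diff directly and makes the result independent of how complete escape_shell_chars is.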
@@ -385,12 +392,12 @@
chdir($historypath) or die "Can't chdir to $historypath for ci:
$!\n";
my $quiet = "";
print "cp $realfile $compfile\n" unless defined($opt_q);
- `co $compfile`; # hack to make rcs work here too!
- `cp $realfile $compfile`; # make backup copy
+ `co $compfile_esc`; # hack to make rcs work here too!
+ `cp $realfile_esc $compfile_esc`; # make backup copy
#`mv $realfile $realfile.track`; # copy backwards, to keep
modification date
#`cp $realfile.track $realfile`; # make backup copy
- system("ci $rcs_quiet -m'modification of $realfile on $date' -l
$compfile");
- `rm $compfile`;
+ system("ci $rcs_quiet -m'modification of $realfile_esc on
$date' -l $compfile_esc");
+ `rm $compfile_esc`;
}
}
}
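Review bot: in the `ci ... -m'modification of $realfile_esc on $date'` line the escaped name is interpolated inside single quotes, where the inserted backslashes are literal, so they pollute the log message and a `'` in the name still closes the quote. `$date` goes into the same command string without any escaping. Calling `system("ci", "-mmodification of $realfile on $date", "-l", $compfile)` with a list, plus `$rcs_quiet` when set, sidesteps both.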
@@ -438,6 +445,16 @@
}
}
+#
+# escape shell meta characters and spaces
+sub escape_shell_chars
+{
+ my $arg = shift;
+ $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
+ return $arg;
+}
+
+
# $Log: changetrack,v $
# Revision 4.3 2005/02/28 16:50:23 cjmorlan
# Removed debugging lines!
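Review bot: the character class in escape_shell_chars is a denylist and it omits the backslash itself, so a backslash already present in a filename can cancel the one this function inserts; `?` and `~` are missing as well. `\s` also matches newline, and a backslash followed by a newline is a line continuation in the shell rather than an escaped newline, so such names are not preserved. Escaping everything outside a known-safe set, e.g. `s/([^A-Za-z0-9_.\/-])/\\$1/g`, combined with rejecting names that contain newlines, or avoiding the shell via list-form system/open, would not depend on the list being complete. Using a capture group and `$1` instead of `$&` also avoids the match-variable performance penalty in older Perls.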
Is that all of them? We don't know ;)
--
Regards
Marek Grzybowski