mirror of https://we.phorge.it/source/arcanist.git synced 2025-02-22 19:49:01 +01:00

Fix dynamic string usage as safe input

Test Plan: Copied the code in a script, changed `phutil_passthru()` to `echo csprintf()` and ran it.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4805
vrana 2013-02-04 11:27:16 -08:00
parent 95b2c4587d
commit 8e34e2bd03


@ -144,15 +144,20 @@ EOTEXT
$tmp_file = new TempFile();
Filesystem::writeFile($tmp_file, $message);
$command = $this->getSVNCommitCommand();
$command = csprintf(
'svn commit %Ls --encoding utf-8 -F %s',
$files,
$tmp_file);
// make sure to specify LANG on non-windows systems to surpress any fancy
// warnings; see @{method:getSVNLangEnvVar}.
if (!phutil_is_windows()) {
$command = csprintf('LANG=%C %C', $this->getSVNLangEnvVar(), $command);
}
chdir($repository_api->getPath());
$err = phutil_passthru(
$command,
$files,
$tmp_file
);
$err = phutil_passthru('%C', $command);
if ($err) {
throw new Exception("Executing 'svn commit' failed!");
}
@ -296,16 +301,6 @@ EOTEXT
return $locale;
}
private function getSVNCommitCommand() {
$command = 'svn commit %Ls --encoding utf-8 -F %s';
// make sure to specify LANG on non-windows systems to surpress any fancy
// warnings; see @{method:getSVNLangEnvVar}.
if (!phutil_is_windows()) {
$command = 'LANG='.$this->getSVNLangEnvVar().' '.$command;
}
return $command;
}
private function runSanityChecks(array $revision) {
$repository_api = $this->getRepositoryAPI();
$revision_id = $revision['id'];
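Review bot: In the first hunk, `csprintf('LANG=%C %C', $this->getSVNLangEnvVar(), $command)` inserts the locale with `%C`, the conversion csprintf passes through without shell escaping, so that value is still treated as trusted shell text. The second `%C` is appropriate because `$command` is already a csprintf result, but the locale is a plain string. Only `return $locale;` of what appears to be getSVNLangEnvVar() is visible here, so unless it is guaranteed to return a fixed literal I would write `$command = csprintf('LANG=%s %C', $this->getSVNLangEnvVar(), $command);` so the value is quoted as a single word. The enclosing method starts before the hunk, so how `$files` and `$message` are built cannot be checked from this page.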