Fix dynamic string usage as safe input

Test Plan: Copied the code in a script, changed `phutil_passthru()` to `echo csprintf()` and ran it.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4805

src/workflow/ArcanistCommitWorkflow.php

@@ -144,15 +144,20 @@ EOTEXT
     $tmp_file = new TempFile();
     Filesystem::writeFile($tmp_file, $message);
 
-    $command = $this->getSVNCommitCommand();
+    $command = csprintf(
+      'svn commit %Ls --encoding utf-8 -F %s',
+      $files,
+      $tmp_file);
+
+    // make sure to specify LANG on non-windows systems to surpress any fancy
+    // warnings; see @{method:getSVNLangEnvVar}.
+    if (!phutil_is_windows()) {
+      $command = csprintf('LANG=%C %C', $this->getSVNLangEnvVar(), $command);
+    }
+
     chdir($repository_api->getPath());
 
-    $err = phutil_passthru(
+    $err = phutil_passthru('%C', $command);
-      $command,
-      $files,
-      $tmp_file
-    );
-
     if ($err) {
       throw new Exception("Executing 'svn commit' failed!");
     }
@@ -296,16 +301,6 @@ EOTEXT
     return $locale;
   }
 
-  private function getSVNCommitCommand() {
-    $command = 'svn commit %Ls --encoding utf-8 -F %s';
-    // make sure to specify LANG on non-windows systems to surpress any fancy
-    // warnings; see @{method:getSVNLangEnvVar}.
-    if (!phutil_is_windows()) {
-      $command = 'LANG='.$this->getSVNLangEnvVar().' '.$command;
-    }
-    return $command;
-  }
-
   private function runSanityChecks(array $revision) {
     $repository_api = $this->getRepositoryAPI();
     $revision_id = $revision['id'];