diff options
| author | Jeff King <peff@peff.net> | 2017-09-11 17:24:26 +0300 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-09-12 05:10:22 +0300 |
| commit | 5b4efea666951efe0770f8d5a301f8917015315f (patch) | |
| tree | 81716c784144cb20544ef275e25cd51444493d67 /git-cvsimport.perl | |
| parent | 4d4165b80d6b91a255e2847583bd4df98b5d54e1 (diff) | |
cvsimport: shell-quote variable used in backticks
We run `git rev-parse` though the shell, and quote its
argument only with single-quotes. This prevents most
metacharacters from being a problem, but misses the obvious
case when $name itself has single-quotes in it. We can fix
this by applying the usual shell-quoting formula.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'git-cvsimport.perl')
| -rwxr-xr-x | git-cvsimport.perl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/git-cvsimport.perl b/git-cvsimport.perl index 1e4e65a45d..36929921ea 100755 --- a/git-cvsimport.perl +++ b/git-cvsimport.perl @@ -642,6 +642,7 @@ sub is_sha1 { sub get_headref ($) { my $name = shift; + $name =~ s/'/'\\''/; my $r = `git rev-parse --verify '$name' 2>/dev/null`; return undef unless $? == 0; chomp $r; |