diff options
| author | Nigel Kukard <nkukard@lbsd.net> | 2013-11-05 02:06:27 +0400 |
|---|---|---|
| committer | Nigel Kukard <nkukard@lbsd.net> | 2013-11-05 02:09:03 +0400 |
| commit | c46eaca91247ccf8e6fb3b691dad028e1b084ae3 (patch) | |
| tree | faed085ef880760223d9b702ed7399fe84062b83 /spec | |
| parent | ee0e9830c1c1e4c54fd0b18fadef50f76c3680a4 (diff) | |
More escaping
- Database name may contain characters which are not shell friendly
- Database password could contain the same
- While we at it there is no harm in escaping generated paths too
- Refactored 2-line system(command)
Signed-off-by: Nigel Kukard <nkukard@lbsd.net>
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/models/gollum_wiki_spec.rb | 4 | ||||
| -rw-r--r-- | spec/models/wiki_page_spec.rb | 4 | ||||
| -rw-r--r-- | spec/support/test_env.rb | 8 |
3 files changed, 8 insertions, 8 deletions
diff --git a/spec/models/gollum_wiki_spec.rb b/spec/models/gollum_wiki_spec.rb index 9e07d9ee191..de786478de9 100644 --- a/spec/models/gollum_wiki_spec.rb +++ b/spec/models/gollum_wiki_spec.rb @@ -1,11 +1,11 @@ require "spec_helper" +require "shellwords" describe GollumWiki do def create_temp_repo(path) FileUtils.mkdir_p path - command = "git init --quiet #{path};" - system(command) + system("git init --quiet #{Shellwords.shellescape(path)}") end def remove_temp_repo(path) diff --git a/spec/models/wiki_page_spec.rb b/spec/models/wiki_page_spec.rb index 67f2a6da42d..b9883342c3a 100644 --- a/spec/models/wiki_page_spec.rb +++ b/spec/models/wiki_page_spec.rb @@ -1,11 +1,11 @@ require "spec_helper" +require "shellwords" describe WikiPage do def create_temp_repo(path) FileUtils.mkdir_p path - command = "git init --quiet #{path};" - system(command) + system("git init --quiet #{Shellwords.shellescape(path)}") end def remove_temp_repo(path) diff --git a/spec/support/test_env.rb b/spec/support/test_env.rb index 16e10b1a62b..5c6f96abc1b 100644 --- a/spec/support/test_env.rb +++ b/spec/support/test_env.rb @@ -1,4 +1,5 @@ require 'rspec/mocks' +require 'shellwords' module TestEnv extend self @@ -102,7 +103,7 @@ module TestEnv repo = repo(namespace, name) # Symlink tmp/repositories/gitlabhq to tmp/test-git-base-path/gitlabhq - system("ln -s -f #{seed_repo_path()} #{repo}") + system("ln -s -f #{Shellwords.shellescape(seed_repo_path())} #{Shellwords.shellescape(repo)}") create_satellite(repo, namespace, name) end @@ -166,12 +167,11 @@ module TestEnv # Symlink tmp/satellite/gitlabhq to tmp/test-git-base-path/satellite/gitlabhq, create the directory if it doesn't exist already satellite_dir = File.dirname(satellite_repo) FileUtils.mkdir_p(satellite_dir) unless File.exists?(satellite_dir) - system("ln -s -f #{seed_satellite_path} #{satellite_repo}") + system("ln -s -f #{Shellwords.shellescape(seed_satellite_path)} #{Shellwords.shellescape(satellite_repo)}") end def create_temp_repo(path) FileUtils.mkdir_p path - command = "git init --quiet --bare #{path};" - system(command) + system("git init --quiet --bare #{Shellwords.shellescape(path)}") end end |