cvsimport: shell-quote variable used in backticks
author Jeff King <peff@peff.net>
Mon, 11 Sep 2017 14:24:26 +0000 (10:24 -0400)
committer Junio C Hamano <gitster@pobox.com>
Tue, 12 Sep 2017 02:10:22 +0000 (11:10 +0900)
We run `git rev-parse` through the shell, and quote its
argument only with single-quotes. This prevents most
metacharacters from being a problem, but misses the obvious
case when $name itself has single-quotes in it. We can fix
this by applying the usual shell-quoting formula.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-cvsimport.perl
index 1e4e65a45d16cfcc5a36e6855216e9be8fe0e0b4..36929921ea79006dc659f6996ae158131ccf2b73 100755 (executable)
@@ -642,6 +642,7 @@ sub is_sha1 {
 
 sub get_headref ($) {
        my $name = shift;
+       $name =~ s/'/'\\''/;
        my $r = `git rev-parse --verify '$name' 2>/dev/null`;
        return undef unless $? == 0;
        chomp $r;
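
Review bot: the substitution on the added line, `$name =~ s/'/'\\''/;`, has no `/g` flag, so only the first single quote in $name is rewritten. A name containing two or more single quotes still ends the quoted argument early in the backtick command on the following line, which is the case the commit message sets out to close. Suggest `s/'/'\\''/g`. Alternatively, get_headref could avoid the shell entirely by running `git rev-parse --verify` through a list-form pipe open, so $name is passed as a single argument and needs no quoting; that would also need its own handling for the `2>/dev/null` redirect.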