From: Jeff King Date: Mon, 11 Sep 2017 14:24:26 +0000 (-0400) Subject: cvsimport: shell-quote variable used in backticks X-Git-Tag: v2.10.5~2^2 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/5b4efea666951efe0770f8d5a301f8917015315f cvsimport: shell-quote variable used in backticks We run `git rev-parse` through the shell, and quote its argument only with single-quotes. This prevents most metacharacters from being a problem, but misses the obvious case when $name itself has single-quotes in it. We can fix this by applying the usual shell-quoting formula. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- diff --git a/git-cvsimport.perl b/git-cvsimport.perl index 1e4e65a45d..36929921ea 100755 --- a/git-cvsimport.perl +++ b/git-cvsimport.perl @@ -642,6 +642,7 @@ sub is_sha1 { sub get_headref ($) { my $name = shift; + $name =~ s/'/'\\''/; my $r = `git rev-parse --verify '$name' 2>/dev/null`; return undef unless $? == 0; chomp $r;
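
Review bot: The added substitution in get_headref, `$name =~ s/'/'\\''/;`, has no /g modifier as shown, so it rewrites only the first single quote in $name; a name containing two or more single quotes would still close the quoting early inside the backticks on the next line. Make it `s/'/'\\''/g` so every quote is escaped. Alternatively, run git rev-parse without a shell through a list-form pipe open, which removes the need for quoting but requires handling the `2>/dev/null` redirect separately.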