[Lxr-dev] [ lxr-Patches-594351 ] file escape and pipe handle in CVS.pm
From: <no...@so...> - 2002-08-13 01:37:46
Patches item #594351, was opened at 2002-08-12 18:37
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=390119&aid=594351&group_id=27350

Category: File backends
Group: Bugfix
Status: Open
Resolution: None
Priority: 5
Submitted By: Erik Stambaugh (not_erik)
Assigned to: Nobody/Anonymous (nobody)
Summary: file escape and pipe handle in CVS.pm

Initial Comment:
Problems addressed:

1. possible security issue when opening a subshell for co and rcsdiff
2. filenames/paths with unusual but benign characters (e.g., spaces) fail checkout

Changes:

1. 'new FileHandle' lines replaced with three-option open(), to open the pipe without a subshell that might interpret bad characters
2. a new sub, 'cleanstring,' escapes some characters and drops others
3. a couple of minor (pedantic) spelling/punctuation changes

Possible new(ish) problems:

1. Some characters (|&!`;$%<> and control characters) are now dropped rather than passed to co or rcsdiff. Anyone using these in their file names will not be able to access them (these characters don't belong in file names IMO). For some characters, these files may have worked before the patch. This can easily be changed if there's a need for it.
2. FileHandle is no longer called to generate the file handle refs. If there is a reason for calling it instead of open() that escapes me, then there's now a problem. Otherwise everything seems to be Just Fine without it.
3. There _might_ be a problem with older versions of Perl which cannot handle fork() on some systems (like Windows). If it is a problem on these systems, perl version 5.6+ is supposed to alleviate it.

I tested this patch on both Debian x86 and Solaris/SPARC servers, and they work fine for me.

Code critiques, changes, complaints, and personal attacks are welcome.
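The difference between a pipe opened through a subshell and one opened without it, as described in the message above, shown as an added example (this is not the submitted patch and not LXR's CVS.pm). Assumptions: a Unix-like system, Perl 5.8+ for the list form, a child perl that echoes its arguments standing in for co/rcsdiff, and a constructed file name.

```perl
#!/usr/bin/perl
# Added illustration; not code from LXR or from patch #594351.
use strict;
use warnings;
$| = 1;

# Constructed file name: a space plus a shell metacharacter.
my $file = 'docs/release notes; echo INJECTED,v';

# Stand-in for co/rcsdiff (assumption): prints each argument it receives
# in brackets, so the output shows exactly what the program was handed.
my @cmd = ($^X, '-e', 'print map { "[$_]" } @ARGV');

sub slurp {
    my ($fh) = @_;
    local $/;                       # read everything the child wrote
    my $out = <$fh>;
    close $fh;
    return defined $out ? $out : '';
}

# Before: a single command string. Perl hands it to /bin/sh -c, so the
# shell splits on the space and treats ';' as a command separator.
sub via_shell {
    my ($path) = @_;
    open(my $fh, "$cmd[0] $cmd[1] '$cmd[2]' $path |") or die "open: $!";
    return slurp($fh);
}

# After, list form (Perl 5.8+): the arguments go straight to exec, no shell.
sub via_list {
    my ($path) = @_;
    open(my $fh, '-|', @cmd, $path) or die "open: $!";
    return slurp($fh);
}

# After, explicit fork form (works on 5.6): open '-|' forks, the child's
# STDOUT is the pipe, and exec with a list never involves a shell.
sub via_fork {
    my ($path) = @_;
    my $pid = open(my $fh, '-|');
    die "fork: $!" unless defined $pid;
    if ($pid == 0) { exec { $cmd[0] } @cmd, $path or die "exec: $!"; }
    return slurp($fh);
}

print "shell: ", via_shell($file);  # [docs/release][notes]INJECTED,v
print "list:  ", via_list($file), "\n";   # one bracketed argument
print "fork:  ", via_fork($file), "\n";   # one bracketed argument
```

With either shell-free form the file name reaches the program as a single argument, which is also why names containing spaces stop failing.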