file escape and pipe handle in CVS.pm
Brought to you by:
ajlittoz
Menu
▾
▴
#27 file escape and pipe handle in CVS.pm
Problems addressed:
1. possible security issue when opening a subshell for
co and rcsdiff
2. filenames/paths with unusual but benign characters
(e.g., spaces) fail checkout
Changes:
1. 'new FileHandle' lines replaced with three-option
open(), to open the pipe without a subshell that might
interpret bad characters
2. a new sub, 'cleanstring,' escapes some characters
and drops others
3. a couple of minor (pedantic) spelling/punctuation
changes
Possible new(ish) problems:
1. Some characters (|&!`;$%<> and control characters)
are now dropped rather than passed to co or rcsdiff.
Anyone using these in their file names will not be able
to access them (these characters don't belong in file
names IMO). For some characters, these files may have
worked before the patch. This can easily be changed if
there's a need for it.
2. FileHandle is no longer called to generate the file
handle refs. If there is a reason for calling it
instead of open() that escapes me, then there's now a
problem. Otherwise everything seems to be Just Fine
without it.
3. There _might_ be a problem with older versions of
Perl which cannot handle fork() on some systems (like
Windows). If it is a problem on these systems, perl
version 5.6+ is supposed to alleviate it.
I tested this patch on both Debian x86 and
Solaris/SPARC servers, and they work fine for me. Code
critiques, changes, complaints, and personal attacks
are welcome.
pipe handle patch
Logged In: YES
user_id=215386
Fixed in latest CVS
Logged In: YES
user_id=215386
Fixed in latest CVS