[Erik Stambaugh]

Problems addressed:

1. possible security issue when opening a subshell for
co and rcsdiff

2. filenames/paths with unusual but benign characters
(e.g., spaces) fail checkout

Changes:

1. 'new FileHandle' lines replaced with three-option
open(), to open the pipe without a subshell that might
interpret bad characters

2. a new sub, 'cleanstring,' escapes some characters
and drops others

3. a couple of minor (pedantic) spelling/punctuation
changes

Possible new(ish) problems:

1. Some characters (|&!`;$%<> and control characters)
are now dropped rather than passed to co or rcsdiff.
Anyone using these in their file names will not be able
to access them (these characters don't belong in file
names IMO). For some characters, these files may have
worked before the patch. This can easily be changed if
there's a need for it.

2. FileHandle is no longer called to generate the file
handle refs. If there is a reason for calling it
instead of open() that escapes me, then there's now a
problem. Otherwise everything seems to be Just Fine
without it.

3. There _might_ be a problem with older versions of
Perl which cannot handle fork() on some systems (like
Windows). If it is a problem on these systems, perl
version 5.6+ is supposed to alleviate it.

I tested this patch on both Debian x86 and
Solaris/SPARC servers, and they work fine for me. Code
critiques, changes, complaints, and personal attacks
are welcome.

pipe handle patch

Logged In: YES
user_id=215386

Fixed in latest CVS

• assigned_to: nobody --> mbox
• status: open --> closed-fixed

Logged In: YES
user_id=215386

Fixed in latest CVS