[Sandweb-commit] CVS: sandweb/lib/SandWeb/Repository cvs.pm,1.42,1.43

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/sandweb/sandweb/lib/SandWeb/Repository
In directory sc8-pr-cvs1:/tmp/cvs-serv8043/lib/SandWeb/Repository

Modified Files:
	cvs.pm 
Log Message:
ah, another standalone binary that SandWeb depends on :)

This is a shell script that acts as CVSEDITOR.

So, instead of dealing with the security nightmare of passing the
commit message on the command line (cvs commit -m "$message"), now
we can just (CVSEDITOR=/usr/bin/sandweb-editor && export CVSEDITOR ) first,
and write the commit message to $sandweb_dir/commitmsg

This is very similar to the way we pass the VCS password to sandweb-expect
(that's where I got the inspiration from).


Index: cvs.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Repository/cvs.pm,v
retrieving revision 1.42
retrieving revision 1.43
diff -U2 -r1.42 -r1.43

--- cvs.pm	11 Feb 2003 06:37:24 -0000	1.42
+++ cvs.pm	4 Mar 2003 07:19:45 -0000	1.43
@@ -41,5 +41,5 @@
 =head1
 
-uses SandWeb::Diff, SandWeb::Shell, SandWeb::Security
+uses SandWeb::Diff, SandWeb::Shell, SandWeb::Security, SandWeb::File
 
 =cut
@@ -48,4 +48,5 @@
 use SandWeb::Shell;
 use SandWeb::Security;
+use SandWeb::File;
 
 =head1
@@ -669,7 +670,8 @@
 
 	my $log = $self->get_log();
+	my $users_dir = $self->get_users_dir();
         my %params = @{ $args{'params'}[0] };
 	my $recurse = $params{'recurse'};
-	my $unsafe_message = $params{'message'};
+	my $message = $params{'message'};
 	my $rev = $params{'rev'};
 	my $date = $params{'date'};
@@ -685,24 +687,27 @@
 	my %return;
 
-	if (!$unsafe_message) {
+	if (!$message) {
 		$output = "There must be a commit message.\n";
 	} else {
-		
-		# Security check 
-		my $secure = SandWeb::Security->new();
+		my $file_obj = SandWeb::File->new(
+			'log_obj' => $log,
+			'filename' => "commitmsg",
+			'location' => "$users_dir",
+		);
 
-		my $message = $secure->shell(
-			characters => "$unsafe_message"
+		$file_obj->file_write(
+			contents => "$message",
 		);
 
-		push @param, " -m \\\"$message\\\"";
 		if ($log) {
 			$log->debug("Performing commit operation");
+			$log->debug("Writing commit msg to $users_dir/commitmsg (temporarily)");
 			$log->debug("Params: @param");
-			$log->debug("File: $file");
+			$log->debug("File: " . $file_obj->get_filename() );
 		}
         	%return = $self->shell(
                 	'param' => join('', @param),
                 	'file' => "$file",
+			'file_obj' => $file_obj,
         	);
 	};
@@ -2548,4 +2553,5 @@
 	my $file = $args{'file'};
 	my $param = $args{'param'};
+	my $file_obj = $args{'file_obj'};
 
 	if ( $connection eq 'SSH' ) {
@@ -2573,6 +2579,11 @@
 
 	my %return = $shell->execute(
-		'command' => "cd $sandbox && CVS_RSH=$ssh_bin && export CVS_RSH && $cvs_bin -q -d $root $param \'$file\'",
+		'command' => "cd $sandbox && MESSAGE_FILE=\"$users_dir/commitmsg\" && export MESSAGE_FILE && CVSEDITOR=$bindir/sandweb-editor && export CVSEDITOR && CVS_RSH=$ssh_bin && export CVS_RSH && $cvs_bin -q -d $root $param \'$file\'",
 	);
+
+	if ($file_obj) {
+		$log->debug("Deleting temporary file");
+		$file_obj->delete();
+	}
 
 	return %return;



