|  9a8606465e Remove the use of run_git_unquoted() completely with a use of "sh -c"
suggested by Jeff King, i.e.:
    sh -c '"$@" 2>/dev/null' -- echo sneaky 'argument;id'
I don't think this is needed now for any potential RCE issue. The
$remotename argument is ultimately picked by the local user (and
similarly, the $local variable comes from a user-supplied
refspec).
But completely eliminating the use of unquoted shell arguments has a
value in and of itself, by making the code easier to review. As noted
in an earlier commit I think the use of IPC::Open3 would be too
verbose here, but this "sh -c" trick strikes the right balance between
readability and semantic sanity.
Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
|---|---|---|
| .. | ||
| Git | ||
| bin-wrapper | ||
| t | ||
| .gitignore | ||
| .perlcriticrc | ||
| Makefile | ||
| git-mw.perl | ||
| git-remote-mediawiki.perl | ||
| git-remote-mediawiki.txt | ||