git/contrib/mw-to-git
Ævar Arnfjörð Bjarmason 9a8606465e remote-mediawiki: use "sh" to eliminate unquoted commands
Remove the use of run_git_unquoted() completely with a use of "sh -c"
suggested by Jeff King, i.e.:

    sh -c '"$@" 2>/dev/null' -- echo sneaky 'argument;id'

I don't think this is needed now for any potential RCE issue. The
$remotename argument is ultimately picked by the local user (and
similarly, the $local variable comes from a user-supplied
refspec).

But completely eliminating the use of unquoted shell arguments has a
value in and of itself, by making the code easier to review. As noted
in an earlier commit I think the use of IPC::Open3 would be too
verbose here, but this "sh -c" trick strikes the right balance between
readability and semantic sanity.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-09-21 12:37:38 -07:00
..
bin-wrapper git-remote-mediawiki: add a git bin-wrapper for developement 2013-07-08 08:55:53 -07:00
Git remote-mediawiki: limit filenames to legal 2017-11-01 13:42:38 +09:00
t remote-mediawiki tests: annotate failing tests 2020-09-21 12:37:38 -07:00
.gitignore git-remote-mediawiki: ignore generated git-mw 2013-08-13 09:52:22 -07:00
.perlcriticrc Fix spelling errors in no-longer-updated-from-upstream modules 2019-11-10 16:00:55 +09:00
git-mw.perl remote-mediawiki doc: correct link to GitHub project 2020-09-16 16:11:53 -07:00
git-remote-mediawiki.perl remote-mediawiki: use "sh" to eliminate unquoted commands 2020-09-21 12:37:38 -07:00
git-remote-mediawiki.txt remote-mediawiki doc: correct link to GitHub project 2020-09-16 16:11:53 -07:00
Makefile perl: fix installing modules from contrib 2018-04-11 10:29:03 +09:00