svn: properly escape arguments for authors-prog

Previously, the call to authors-prog was not properly escaped, so any
special characters in the Subversion username, such as spaces and
semi-colons, would be interpreted by the shell rather than being passed
in as the first argument.  Now all unsafe characters are escaped using
"git rev-parse --sq-quote"

[ew: switched from "\Q..\E" to "rev-parse --sq-quote"]

Signed-off-by: Mark Lodato <lodatom@gmail.com>
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/git-svn.perl b/git-svn.perl
index d0758107249f3743795d0961d36906452ac7d00a..24bdbf5b813ddd6c7f242189b9bb22fbe7dfff11 100755 (executable)
--- a/git-svn.perl
+++ b/git-svn.perl
@@ -2810,6 +2810,7 @@ sub other_gs {
 
 sub call_authors_prog {
        my ($orig_author) = @_;
+       $orig_author = command_oneline('rev-parse', '--sq-quote', $orig_author);
        my $author = `$::_authors_prog $orig_author`;
        if ($? != 0) {
                die "$::_authors_prog failed with exit code $?\n"

diff --git a/t/t9138-git-svn-authors-prog.sh b/t/t9138-git-svn-authors-prog.sh
index a4b00f2a3fcecab62aaabeedd0821e38f179019a..83cc5fc9d1a381ecd006fa0a203f22dea0825a82 100755 (executable)
--- a/t/t9138-git-svn-authors-prog.sh
+++ b/t/t9138-git-svn-authors-prog.sh
@@ -66,4 +66,18 @@ test_expect_success 'authors-file overrode authors-prog' '
        )
        '
 
+git --git-dir=x/.git config --unset svn.authorsfile
+git --git-dir=x/.git config --unset svn.authorsprog
+
+test_expect_success 'authors-prog handled special characters in username' '
+       svn mkdir -m bad --username "xyz; touch evil" "$svnrepo"/bad &&
+       (
+               cd x &&
+               git svn --authors-prog=../svn-authors-prog fetch &&
+               git rev-list -1 --pretty=raw refs/remotes/git-svn |
+               grep "^author xyz; touch evil <xyz; touch evil@example\.com> " &&
+               ! test -f evil
+       )
+'
+
 test_done