Mercurial > kallithea
diff kallithea/lib/hooks.py @ 5182:0e2d450feb03
git: run external commands as list of strings so we really get correct quoting (Issue #135)
a6dfd14d4b20 from
https://bitbucket.org/conservancy/kallithea/pull-request/17/add-quotes-to-repo-urls-for-git-backend
fixed that issue but did not make it "safe". The vcs git backend still used
command strings but tried to quote them correctly ... but that approach is
almost impossible to get right.
Instead, pass a string list all the way to the subprocess module and let it do
the quoting. This also makes some of the code more simple.
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Tue, 09 Jun 2015 22:53:24 +0200 |
| parents | dabdc356393b |
| children | 061ce7c3071a |
line wrap: on
line diff
--- a/kallithea/lib/hooks.py Sun May 31 21:39:22 2015 +0200 +++ b/kallithea/lib/hooks.py Tue Jun 09 22:53:24 2015 +0200 @@ -447,21 +447,21 @@ repo._repo.refs.set_symbolic_ref('HEAD', 'refs/heads/%s' % push_ref['name']) - cmd = "for-each-ref --format='%(refname)' 'refs/heads/*'" + cmd = ['for-each-ref', '--format=%(refname)','refs/heads/*'] heads = repo.run_git_command(cmd)[0] + cmd = ['log', push_ref['new_rev'], + '--reverse', '--pretty=format:%H', '--not'] heads = heads.replace(push_ref['ref'], '') - heads = ' '.join(map(lambda c: c.strip('\n').strip(), - heads.splitlines())) - cmd = (('log %(new_rev)s' % push_ref) + - ' --reverse --pretty=format:"%H" --not ' + heads) + for l in heads.splitlines(): + cmd.append(l.strip()) git_revs += repo.run_git_command(cmd)[0].splitlines() elif push_ref['new_rev'] == EmptyChangeset().raw_id: #delete branch case git_revs += ['delete_branch=>%s' % push_ref['name']] else: - cmd = (('log %(old_rev)s..%(new_rev)s' % push_ref) + - ' --reverse --pretty=format:"%H"') + cmd = ['log', '%(old_rev)s..%(new_rev)s' % push_ref, + '--reverse', '--pretty=format:%H'] git_revs += repo.run_git_command(cmd)[0].splitlines() elif _type == 'tags':