X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/6646841fa2c659153c44f73c0da846ef9829b8be..689106ad3a24850543c7855b8531a1bf8dcfdb63:/doc/plugins/contrib/cvs/discussion.mdwn?ds=sidebyside diff --git a/doc/plugins/contrib/cvs/discussion.mdwn b/doc/plugins/contrib/cvs/discussion.mdwn index e142452d0..155a2289d 100644 --- a/doc/plugins/contrib/cvs/discussion.mdwn +++ b/doc/plugins/contrib/cvs/discussion.mdwn @@ -93,3 +93,51 @@ the "cvs add " call and avoid doing anything in that case? >>> if a configured post-commit hook is missing, and it seems fine, >>> probably also thanks to IPC::Cmd. >>> --[[schmonz]] + +---- + + +Further review.. --[[Joey]] + +I don't understand what `cvs_shquote_commit` is +trying to do with the test message, but it seems +highly likely to be insecure; I never trust anything +that relies on safely quoting user input passed to the shell. + +(As an aside, `shell_quote` can die on certian inputs.) + +Seems to me that, if `IPC::Cmd` exposes input to the shell +(which I have not verified but its docs don't specify; a bad sign) +you chose the wrong tool and ended up doing down the wrong +route, dragging in shell quoting problems and fixes. Since you +chose to use `IPC::Cmd` just because you wanted to shut +up CVS stderr, my suggestion would be to use plain `system` +to run the command, with stderr temporarily sent to /dev/null: + + open(my $savederr, ">&STDERR"); + open(STDERR, ">", "/dev/null"); + my $ret=system("cvs", "-Q", @_); + open(STDERR, ">$savederr"); + +`cvs_runcvs` should not take an array reference. It's +usual for this type of function to take a list of parameters +to pass to the command. + +> Thanks for reading carefully. I've tested your suggestions and +> applied them on my branch. --[[schmonz]] + +---- + +I've abstracted out CVS's involvement in the wrapper, adding a new +"wrapperargcheck" hook to examine `argc/argv` and return success or +failure (failure causes the wrapper to terminate) and implementing +this hook in the plugin. In the non-CVS case, the check immediately +returns success, so the added overhead is just a function call. + +Given how rarely anything should need to reach in and modify the +wrapper -- I'd go so far as to say we shouldn't make it too easy +-- I don't think it's worth the effort to try and design a more +general-purpose way to do so. If and when some other problem thinks +it wants to be solved by a new wrapper hook, it's easy enough to add +one. Until then, I'd say it's more important to keep the wrapper as +short and clear as possible. --[[schmonz]]