From: Simon McVittie <smcv@debian.org>
Date: Wed, 28 Dec 2016 19:35:14 +0000 (+0000)
Subject: git: write proposed attachment to temp file without going via system()
X-Git-Tag: debian/3.20161229~4
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/4ad4fc33b52c7a2636eec810ca280efe65497fc9

git: write proposed attachment to temp file without going via system()
---

diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm
index 333b4ac87..0ee49416b 100644
--- a/IkiWiki/Plugin/git.pm
+++ b/IkiWiki/Plugin/git.pm
@@ -221,6 +221,11 @@ sub safe_git {
 			chdir $git_dir_stack[0]
 			    or error("cannot chdir to $git_dir_stack[0]: $!");
 		}
+
+		if ($params{stdout}) {
+			open(STDOUT, '>&', $params{stdout}) or error("Cannot reopen stdout: $!");
+		}
+
 		exec @{$params{cmdline}} or error("Cannot exec '@{$params{cmdline}}': $!");
 	}
 	# In parent.
@@ -958,11 +963,11 @@ sub git_parse_changes {
 				die $@ if $@;
 				my $fh;
 				($fh, $path)=File::Temp::tempfile(undef, UNLINK => 1);
-				my $cmd = "cd $git_dir_stack[0] && ".
-				          "git show $detail->{sha1_to} > '$path'";
-				if (system($cmd) != 0) {
-					error("failed writing temp file '$path'.");
-				}
+				safe_git(
+					error_handler => sub { error("failed writing temp file '$path': ".shift."."); },
+					stdout => $fh,
+					cmdline => ['git', 'show', $detail->{sha1_to}],
+				);
 			}
 
 			push @rets, {