From: Jean-Philippe Lang Date: Sat, 18 Dec 2010 18:12:12 +0000 (+0000) Subject: Fixed that some arguments where not properly escaped in scm adapters. X-Git-Tag: 1.1.0~61 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7d7c67dabad1ad7d50bade26a0f6316e13868ea6;p=redmine.git Fixed that some arguments where not properly escaped in scm adapters. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4539 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/lib/redmine/scm/adapters/bazaar_adapter.rb b/lib/redmine/scm/adapters/bazaar_adapter.rb index 3c6bdf542..a04c3491c 100644 --- a/lib/redmine/scm/adapters/bazaar_adapter.rb +++ b/lib/redmine/scm/adapters/bazaar_adapter.rb @@ -74,10 +74,10 @@ module Redmine def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={}) path ||= '' - identifier_from = 'last:1' unless identifier_from and identifier_from.to_i > 0 - identifier_to = 1 unless identifier_to and identifier_to.to_i > 0 + identifier_from = (identifier_from and identifier_from.to_i > 0) ? identifier_from.to_i : 'last:1' + identifier_to = (identifier_to and identifier_to.to_i > 0) ? identifier_to.to_i : 1 revisions = Revisions.new - cmd = "#{BZR_BIN} log -v --show-ids -r#{identifier_to.to_i}..#{identifier_from} #{target(path)}" + cmd = "#{BZR_BIN} log -v --show-ids -r#{identifier_to}..#{identifier_from} #{target(path)}" shellout(cmd) do |io| revision = nil parsing = nil @@ -140,6 +140,9 @@ module Redmine else identifier_to = identifier_from.to_i - 1 end + if identifier_from + identifier_from = identifier_from.to_i + end cmd = "#{BZR_BIN} diff -r#{identifier_to}..#{identifier_from} #{target(path)}" diff = [] shellout(cmd) do |io| diff --git a/lib/redmine/scm/adapters/cvs_adapter.rb b/lib/redmine/scm/adapters/cvs_adapter.rb index fc8d56f83..0cdc2fc93 100644 --- a/lib/redmine/scm/adapters/cvs_adapter.rb +++ b/lib/redmine/scm/adapters/cvs_adapter.rb @@ -63,7 +63,7 @@ module Redmine logger.debug " entries '#{path}' with identifier '#{identifier}'" path_with_project="#{url}#{with_leading_slash(path)}" entries = Entries.new - cmd = "#{CVS_BIN} -d #{root_url} rls -e" + cmd = "#{CVS_BIN} -d #{shell_quote root_url} rls -e" cmd << " -D \"#{time_to_cvstime(identifier)}\"" if identifier cmd << " #{shell_quote path_with_project}" shellout(cmd) do |io| @@ -108,7 +108,7 @@ module Redmine logger.debug " revisions path:'#{path}',identifier_from #{identifier_from}, identifier_to #{identifier_to}" path_with_project="#{url}#{with_leading_slash(path)}" - cmd = "#{CVS_BIN} -d #{root_url} rlog" + cmd = "#{CVS_BIN} -d #{shell_quote root_url} rlog" cmd << " -d\">#{time_to_cvstime(identifier_from)}\"" if identifier_from cmd << " #{shell_quote path_with_project}" shellout(cmd) do |io| @@ -229,7 +229,7 @@ module Redmine def diff(path, identifier_from, identifier_to=nil) logger.debug " diff path:'#{path}',identifier_from #{identifier_from}, identifier_to #{identifier_to}" path_with_project="#{url}#{with_leading_slash(path)}" - cmd = "#{CVS_BIN} -d #{root_url} rdiff -u -r#{identifier_to} -r#{identifier_from} #{shell_quote path_with_project}" + cmd = "#{CVS_BIN} -d #{shell_quote root_url} rdiff -u -r#{identifier_to.to_i} -r#{identifier_from.to_i} #{shell_quote path_with_project}" diff = [] shellout(cmd) do |io| io.each_line do |line| @@ -244,7 +244,7 @@ module Redmine identifier = (identifier) ? identifier : "HEAD" logger.debug " cat path:'#{path}',identifier #{identifier}" path_with_project="#{url}#{with_leading_slash(path)}" - cmd = "#{CVS_BIN} -d #{root_url} co" + cmd = "#{CVS_BIN} -d #{shell_quote root_url} co" cmd << " -D \"#{time_to_cvstime(identifier)}\"" if identifier cmd << " -p #{shell_quote path_with_project}" cat = nil @@ -256,10 +256,10 @@ module Redmine end def annotate(path, identifier=nil) - identifier = (identifier) ? identifier : "HEAD" + identifier = (identifier) ? identifier.to_i : "HEAD" logger.debug " annotate path:'#{path}',identifier #{identifier}" path_with_project="#{url}#{with_leading_slash(path)}" - cmd = "#{CVS_BIN} -d #{root_url} rannotate -r#{identifier} #{shell_quote path_with_project}" + cmd = "#{CVS_BIN} -d #{shell_quote root_url} rannotate -r#{identifier} #{shell_quote path_with_project}" blame = Annotate.new shellout(cmd) do |io| io.each_line do |line| diff --git a/lib/redmine/scm/adapters/darcs_adapter.rb b/lib/redmine/scm/adapters/darcs_adapter.rb index 1cf792fb8..ecc69a4e9 100644 --- a/lib/redmine/scm/adapters/darcs_adapter.rb +++ b/lib/redmine/scm/adapters/darcs_adapter.rb @@ -66,7 +66,7 @@ module Redmine path_prefix = (path.blank? ? '' : "#{path}/") path = '.' if path.blank? entries = Entries.new - cmd = "#{DARCS_BIN} annotate --repodir #{@url} --xml-output" + cmd = "#{DARCS_BIN} annotate --repodir #{shell_quote @url} --xml-output" cmd << " --match #{shell_quote("hash #{identifier}")}" if identifier cmd << " #{shell_quote path}" shellout(cmd) do |io| @@ -90,7 +90,7 @@ module Redmine def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={}) path = '.' if path.blank? revisions = Revisions.new - cmd = "#{DARCS_BIN} changes --repodir #{@url} --xml-output" + cmd = "#{DARCS_BIN} changes --repodir #{shell_quote @url} --xml-output" cmd << " --from-match #{shell_quote("hash #{identifier_from}")}" if identifier_from cmd << " --last #{options[:limit].to_i}" if options[:limit] shellout(cmd) do |io| @@ -116,7 +116,7 @@ module Redmine def diff(path, identifier_from, identifier_to=nil) path = '*' if path.blank? - cmd = "#{DARCS_BIN} diff --repodir #{@url}" + cmd = "#{DARCS_BIN} diff --repodir #{shell_quote @url}" if identifier_to.nil? cmd << " --match #{shell_quote("hash #{identifier_from}")}" else @@ -135,7 +135,7 @@ module Redmine end def cat(path, identifier=nil) - cmd = "#{DARCS_BIN} show content --repodir #{@url}" + cmd = "#{DARCS_BIN} show content --repodir #{shell_quote @url}" cmd << " --match #{shell_quote("hash #{identifier}")}" if identifier cmd << " #{shell_quote path}" cat = nil @@ -170,7 +170,7 @@ module Redmine # Retrieve changed paths for a single patch def get_paths_for_patch(hash) - cmd = "#{DARCS_BIN} annotate --repodir #{@url} --summary --xml-output" + cmd = "#{DARCS_BIN} annotate --repodir #{shell_quote @url} --summary --xml-output" cmd << " --match #{shell_quote("hash #{hash}")} " paths = [] shellout(cmd) do |io| diff --git a/lib/redmine/scm/adapters/git_adapter.rb b/lib/redmine/scm/adapters/git_adapter.rb index e801f22f7..7901f23d6 100644 --- a/lib/redmine/scm/adapters/git_adapter.rb +++ b/lib/redmine/scm/adapters/git_adapter.rb @@ -117,7 +117,7 @@ module Redmine cmd = "#{GIT_BIN} --git-dir #{target('')} log --no-color --raw --date=iso --pretty=fuller " cmd << " --reverse " if options[:reverse] cmd << " --all " if options[:all] - cmd << " -n #{options[:limit]} " if options[:limit] + cmd << " -n #{options[:limit].to_i} " if options[:limit] cmd << "#{shell_quote(identifier_from + '..')}" if identifier_from cmd << "#{shell_quote identifier_to}" if identifier_to cmd << " --since=#{shell_quote(options[:since].strftime("%Y-%m-%d %H:%M:%S"))}" if options[:since] diff --git a/lib/redmine/scm/adapters/mercurial_adapter.rb b/lib/redmine/scm/adapters/mercurial_adapter.rb index b47650190..7ee3333d8 100644 --- a/lib/redmine/scm/adapters/mercurial_adapter.rb +++ b/lib/redmine/scm/adapters/mercurial_adapter.rb @@ -80,7 +80,7 @@ module Redmine path ||= '' entries = Entries.new cmd = "#{HG_BIN} -R #{target('')} --cwd #{target('')} locate" - cmd << " -r " + (identifier ? identifier.to_s : "tip") + cmd << " -r " + shell_quote(identifier ? identifier.to_s : "tip") cmd << " " + shell_quote("path:#{path}") unless path.empty? shellout(cmd) do |io| io.each_line do |line| @@ -112,7 +112,7 @@ module Redmine cmd << " -r #{identifier_from.to_i}:" end cmd << " --limit #{options[:limit].to_i}" if options[:limit] - cmd << " #{path}" if path + cmd << " #{shell_quote path}" if path shellout(cmd) do |io| begin # HG doesn't close the XML Document... @@ -157,6 +157,9 @@ module Redmine else identifier_to = identifier_from.to_i - 1 end + if identifier_from + identifier_from = identifier_from.to_i + end cmd = "#{HG_BIN} -R #{target('')} diff -r #{identifier_to} -r #{identifier_from} --nodates" cmd << " -I #{target(path)}" unless path.empty? diff = [] @@ -171,7 +174,7 @@ module Redmine def cat(path, identifier=nil) cmd = "#{HG_BIN} -R #{target('')} cat" - cmd << " -r " + (identifier ? identifier.to_s : "tip") + cmd << " -r " + shell_quote(identifier ? identifier.to_s : "tip") cmd << " #{target(path)}" cat = nil shellout(cmd) do |io| @@ -186,7 +189,7 @@ module Redmine path ||= '' cmd = "#{HG_BIN} -R #{target('')}" cmd << " annotate -n -u" - cmd << " -r " + (identifier ? identifier.to_s : "tip") + cmd << " -r " + shell_quote(identifier ? identifier.to_s : "tip") cmd << " -r #{identifier.to_i}" if identifier cmd << " #{target(path)}" blame = Annotate.new diff --git a/lib/redmine/scm/adapters/subversion_adapter.rb b/lib/redmine/scm/adapters/subversion_adapter.rb index f887df632..b4702cc2e 100644 --- a/lib/redmine/scm/adapters/subversion_adapter.rb +++ b/lib/redmine/scm/adapters/subversion_adapter.rb @@ -135,8 +135,8 @@ module Redmine def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={}) path ||= '' - identifier_from = (identifier_from and identifier_from.to_i > 0) ? identifier_from.to_i : "HEAD" - identifier_to = (identifier_to and identifier_to.to_i > 0) ? identifier_to.to_i : 1 + identifier_from = (identifier_from && identifier_from.to_i > 0) ? identifier_from.to_i : "HEAD" + identifier_to = (identifier_to && identifier_to.to_i > 0) ? identifier_to.to_i : 1 revisions = Revisions.new cmd = "#{SVN_BIN} log --xml -r #{identifier_from}:#{identifier_to}" cmd << credentials_string