summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2010-12-18 18:12:12 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2010-12-18 18:12:12 +0000
commit7d7c67dabad1ad7d50bade26a0f6316e13868ea6 (patch)
treec000056368f505796002b151cb8ccaa5605f025e
parenta7595ec19154427bf38812208ac8443c2dca5462 (diff)
downloadredmine-7d7c67dabad1ad7d50bade26a0f6316e13868ea6.tar.gz
redmine-7d7c67dabad1ad7d50bade26a0f6316e13868ea6.zip
Fixed that some arguments where not properly escaped in scm adapters.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4539 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--lib/redmine/scm/adapters/bazaar_adapter.rb9
-rw-r--r--lib/redmine/scm/adapters/cvs_adapter.rb12
-rw-r--r--lib/redmine/scm/adapters/darcs_adapter.rb10
-rw-r--r--lib/redmine/scm/adapters/git_adapter.rb2
-rw-r--r--lib/redmine/scm/adapters/mercurial_adapter.rb11
-rw-r--r--lib/redmine/scm/adapters/subversion_adapter.rb4
6 files changed, 27 insertions, 21 deletions
diff --git a/lib/redmine/scm/adapters/bazaar_adapter.rb b/lib/redmine/scm/adapters/bazaar_adapter.rb
index 3c6bdf542..a04c3491c 100644
--- a/lib/redmine/scm/adapters/bazaar_adapter.rb
+++ b/lib/redmine/scm/adapters/bazaar_adapter.rb
@@ -74,10 +74,10 @@ module Redmine
def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={})
path ||= ''
- identifier_from = 'last:1' unless identifier_from and identifier_from.to_i > 0
- identifier_to = 1 unless identifier_to and identifier_to.to_i > 0
+ identifier_from = (identifier_from and identifier_from.to_i > 0) ? identifier_from.to_i : 'last:1'
+ identifier_to = (identifier_to and identifier_to.to_i > 0) ? identifier_to.to_i : 1
revisions = Revisions.new
- cmd = "#{BZR_BIN} log -v --show-ids -r#{identifier_to.to_i}..#{identifier_from} #{target(path)}"
+ cmd = "#{BZR_BIN} log -v --show-ids -r#{identifier_to}..#{identifier_from} #{target(path)}"
shellout(cmd) do |io|
revision = nil
parsing = nil
@@ -140,6 +140,9 @@ module Redmine
else
identifier_to = identifier_from.to_i - 1
end
+ if identifier_from
+ identifier_from = identifier_from.to_i
+ end
cmd = "#{BZR_BIN} diff -r#{identifier_to}..#{identifier_from} #{target(path)}"
diff = []
shellout(cmd) do |io|
diff --git a/lib/redmine/scm/adapters/cvs_adapter.rb b/lib/redmine/scm/adapters/cvs_adapter.rb
index fc8d56f83..0cdc2fc93 100644
--- a/lib/redmine/scm/adapters/cvs_adapter.rb
+++ b/lib/redmine/scm/adapters/cvs_adapter.rb
@@ -63,7 +63,7 @@ module Redmine
logger.debug "<cvs> entries '#{path}' with identifier '#{identifier}'"
path_with_project="#{url}#{with_leading_slash(path)}"
entries = Entries.new
- cmd = "#{CVS_BIN} -d #{root_url} rls -e"
+ cmd = "#{CVS_BIN} -d #{shell_quote root_url} rls -e"
cmd << " -D \"#{time_to_cvstime(identifier)}\"" if identifier
cmd << " #{shell_quote path_with_project}"
shellout(cmd) do |io|
@@ -108,7 +108,7 @@ module Redmine
logger.debug "<cvs> revisions path:'#{path}',identifier_from #{identifier_from}, identifier_to #{identifier_to}"
path_with_project="#{url}#{with_leading_slash(path)}"
- cmd = "#{CVS_BIN} -d #{root_url} rlog"
+ cmd = "#{CVS_BIN} -d #{shell_quote root_url} rlog"
cmd << " -d\">#{time_to_cvstime(identifier_from)}\"" if identifier_from
cmd << " #{shell_quote path_with_project}"
shellout(cmd) do |io|
@@ -229,7 +229,7 @@ module Redmine
def diff(path, identifier_from, identifier_to=nil)
logger.debug "<cvs> diff path:'#{path}',identifier_from #{identifier_from}, identifier_to #{identifier_to}"
path_with_project="#{url}#{with_leading_slash(path)}"
- cmd = "#{CVS_BIN} -d #{root_url} rdiff -u -r#{identifier_to} -r#{identifier_from} #{shell_quote path_with_project}"
+ cmd = "#{CVS_BIN} -d #{shell_quote root_url} rdiff -u -r#{identifier_to.to_i} -r#{identifier_from.to_i} #{shell_quote path_with_project}"
diff = []
shellout(cmd) do |io|
io.each_line do |line|
@@ -244,7 +244,7 @@ module Redmine
identifier = (identifier) ? identifier : "HEAD"
logger.debug "<cvs> cat path:'#{path}',identifier #{identifier}"
path_with_project="#{url}#{with_leading_slash(path)}"
- cmd = "#{CVS_BIN} -d #{root_url} co"
+ cmd = "#{CVS_BIN} -d #{shell_quote root_url} co"
cmd << " -D \"#{time_to_cvstime(identifier)}\"" if identifier
cmd << " -p #{shell_quote path_with_project}"
cat = nil
@@ -256,10 +256,10 @@ module Redmine
end
def annotate(path, identifier=nil)
- identifier = (identifier) ? identifier : "HEAD"
+ identifier = (identifier) ? identifier.to_i : "HEAD"
logger.debug "<cvs> annotate path:'#{path}',identifier #{identifier}"
path_with_project="#{url}#{with_leading_slash(path)}"
- cmd = "#{CVS_BIN} -d #{root_url} rannotate -r#{identifier} #{shell_quote path_with_project}"
+ cmd = "#{CVS_BIN} -d #{shell_quote root_url} rannotate -r#{identifier} #{shell_quote path_with_project}"
blame = Annotate.new
shellout(cmd) do |io|
io.each_line do |line|
diff --git a/lib/redmine/scm/adapters/darcs_adapter.rb b/lib/redmine/scm/adapters/darcs_adapter.rb
index 1cf792fb8..ecc69a4e9 100644
--- a/lib/redmine/scm/adapters/darcs_adapter.rb
+++ b/lib/redmine/scm/adapters/darcs_adapter.rb
@@ -66,7 +66,7 @@ module Redmine
path_prefix = (path.blank? ? '' : "#{path}/")
path = '.' if path.blank?
entries = Entries.new
- cmd = "#{DARCS_BIN} annotate --repodir #{@url} --xml-output"
+ cmd = "#{DARCS_BIN} annotate --repodir #{shell_quote @url} --xml-output"
cmd << " --match #{shell_quote("hash #{identifier}")}" if identifier
cmd << " #{shell_quote path}"
shellout(cmd) do |io|
@@ -90,7 +90,7 @@ module Redmine
def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={})
path = '.' if path.blank?
revisions = Revisions.new
- cmd = "#{DARCS_BIN} changes --repodir #{@url} --xml-output"
+ cmd = "#{DARCS_BIN} changes --repodir #{shell_quote @url} --xml-output"
cmd << " --from-match #{shell_quote("hash #{identifier_from}")}" if identifier_from
cmd << " --last #{options[:limit].to_i}" if options[:limit]
shellout(cmd) do |io|
@@ -116,7 +116,7 @@ module Redmine
def diff(path, identifier_from, identifier_to=nil)
path = '*' if path.blank?
- cmd = "#{DARCS_BIN} diff --repodir #{@url}"
+ cmd = "#{DARCS_BIN} diff --repodir #{shell_quote @url}"
if identifier_to.nil?
cmd << " --match #{shell_quote("hash #{identifier_from}")}"
else
@@ -135,7 +135,7 @@ module Redmine
end
def cat(path, identifier=nil)
- cmd = "#{DARCS_BIN} show content --repodir #{@url}"
+ cmd = "#{DARCS_BIN} show content --repodir #{shell_quote @url}"
cmd << " --match #{shell_quote("hash #{identifier}")}" if identifier
cmd << " #{shell_quote path}"
cat = nil
@@ -170,7 +170,7 @@ module Redmine
# Retrieve changed paths for a single patch
def get_paths_for_patch(hash)
- cmd = "#{DARCS_BIN} annotate --repodir #{@url} --summary --xml-output"
+ cmd = "#{DARCS_BIN} annotate --repodir #{shell_quote @url} --summary --xml-output"
cmd << " --match #{shell_quote("hash #{hash}")} "
paths = []
shellout(cmd) do |io|
diff --git a/lib/redmine/scm/adapters/git_adapter.rb b/lib/redmine/scm/adapters/git_adapter.rb
index e801f22f7..7901f23d6 100644
--- a/lib/redmine/scm/adapters/git_adapter.rb
+++ b/lib/redmine/scm/adapters/git_adapter.rb
@@ -117,7 +117,7 @@ module Redmine
cmd = "#{GIT_BIN} --git-dir #{target('')} log --no-color --raw --date=iso --pretty=fuller "
cmd << " --reverse " if options[:reverse]
cmd << " --all " if options[:all]
- cmd << " -n #{options[:limit]} " if options[:limit]
+ cmd << " -n #{options[:limit].to_i} " if options[:limit]
cmd << "#{shell_quote(identifier_from + '..')}" if identifier_from
cmd << "#{shell_quote identifier_to}" if identifier_to
cmd << " --since=#{shell_quote(options[:since].strftime("%Y-%m-%d %H:%M:%S"))}" if options[:since]
diff --git a/lib/redmine/scm/adapters/mercurial_adapter.rb b/lib/redmine/scm/adapters/mercurial_adapter.rb
index b47650190..7ee3333d8 100644
--- a/lib/redmine/scm/adapters/mercurial_adapter.rb
+++ b/lib/redmine/scm/adapters/mercurial_adapter.rb
@@ -80,7 +80,7 @@ module Redmine
path ||= ''
entries = Entries.new
cmd = "#{HG_BIN} -R #{target('')} --cwd #{target('')} locate"
- cmd << " -r " + (identifier ? identifier.to_s : "tip")
+ cmd << " -r " + shell_quote(identifier ? identifier.to_s : "tip")
cmd << " " + shell_quote("path:#{path}") unless path.empty?
shellout(cmd) do |io|
io.each_line do |line|
@@ -112,7 +112,7 @@ module Redmine
cmd << " -r #{identifier_from.to_i}:"
end
cmd << " --limit #{options[:limit].to_i}" if options[:limit]
- cmd << " #{path}" if path
+ cmd << " #{shell_quote path}" if path
shellout(cmd) do |io|
begin
# HG doesn't close the XML Document...
@@ -157,6 +157,9 @@ module Redmine
else
identifier_to = identifier_from.to_i - 1
end
+ if identifier_from
+ identifier_from = identifier_from.to_i
+ end
cmd = "#{HG_BIN} -R #{target('')} diff -r #{identifier_to} -r #{identifier_from} --nodates"
cmd << " -I #{target(path)}" unless path.empty?
diff = []
@@ -171,7 +174,7 @@ module Redmine
def cat(path, identifier=nil)
cmd = "#{HG_BIN} -R #{target('')} cat"
- cmd << " -r " + (identifier ? identifier.to_s : "tip")
+ cmd << " -r " + shell_quote(identifier ? identifier.to_s : "tip")
cmd << " #{target(path)}"
cat = nil
shellout(cmd) do |io|
@@ -186,7 +189,7 @@ module Redmine
path ||= ''
cmd = "#{HG_BIN} -R #{target('')}"
cmd << " annotate -n -u"
- cmd << " -r " + (identifier ? identifier.to_s : "tip")
+ cmd << " -r " + shell_quote(identifier ? identifier.to_s : "tip")
cmd << " -r #{identifier.to_i}" if identifier
cmd << " #{target(path)}"
blame = Annotate.new
diff --git a/lib/redmine/scm/adapters/subversion_adapter.rb b/lib/redmine/scm/adapters/subversion_adapter.rb
index f887df632..b4702cc2e 100644
--- a/lib/redmine/scm/adapters/subversion_adapter.rb
+++ b/lib/redmine/scm/adapters/subversion_adapter.rb
@@ -135,8 +135,8 @@ module Redmine
def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={})
path ||= ''
- identifier_from = (identifier_from and identifier_from.to_i > 0) ? identifier_from.to_i : "HEAD"
- identifier_to = (identifier_to and identifier_to.to_i > 0) ? identifier_to.to_i : 1
+ identifier_from = (identifier_from && identifier_from.to_i > 0) ? identifier_from.to_i : "HEAD"
+ identifier_to = (identifier_to && identifier_to.to_i > 0) ? identifier_to.to_i : 1
revisions = Revisions.new
cmd = "#{SVN_BIN} log --xml -r #{identifier_from}:#{identifier_to}"
cmd << credentials_string