Page MenuHomePhorge

Fix incorrect quoting of author in 'arc patch'
ClosedPublic

Authored by ldanna on Oct 17 2021, 20:02.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 24, 05:27
Unknown Object (File)
Wed, Mar 20, 09:45
Unknown Object (File)
Tue, Mar 19, 21:11
Unknown Object (File)
Thu, Mar 14, 05:55
Unknown Object (File)
Thu, Mar 14, 05:54
Unknown Object (File)
Sat, Mar 9, 19:42
Unknown Object (File)
Sat, Mar 9, 19:25
Unknown Object (File)
Fri, Mar 1, 02:09

Details

Summary

Author field is formatted with csprintf, which would be appropriate
if the resulting string was concatenated into a shell command as a
string -- but because the flags are passed as a vector of strings
and not parsed by the shell, this results in extraneous shell
quoting making it into to author field. In particular this
renders my name as D'\''Anna instead of D'Anna

Test Plan

Performed 'arc patch' with and without these changes, confirmed
that my apostrophe was no longer mangled by shell quotes in the
resulting commit.

Diff Detail

Repository
rARC Arcanist
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ldanna requested review of this revision.Oct 17 2021, 20:02

I feel like this is a good change. I do not see any security vulnerabilities that could be introduced by this..

I will let everyone else chime in as shell escaping code is an attack vector

This revision is now accepted and ready to land.Oct 22 2021, 15:48

Thank you for submitting this change!

@speck thanks, how do I land the change?