From: Johannes Sixt <j6t@kdbg.org>
Date: Thu, 20 Mar 2025 19:00:57 +0000 (+0100)
Subject: gitk: sanitize 'open' arguments: simple commands with redirections
X-Git-Tag: v2.43.7~4^2~2^2~1^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=42a64b41a7a3d01a62f0f34f75bee2bbd00be46f;p=thirdparty%2Fgit.git

gitk: sanitize 'open' arguments: simple commands with redirections

As in the previous commits, introduce a function that sanitizes
arguments intended for the process and in addition allows to pass
redirections, which are passed to Tcl's 'open' verbatim.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---

diff --git a/gitk b/gitk
index aba8ef63dc..68d6bfd61f 100755
--- a/gitk
+++ b/gitk
@@ -66,6 +66,15 @@ proc safe_open_command {cmd} {
     open |[make_arglist_safe $cmd] r
 }
 
+# opens a command pipeline for reading with redirections
+# cmd is a list that specifies the command and its arguments
+# redir is a list that specifies redirections
+# calls `open` and returns the file id
+proc safe_open_command_redirect {cmd redir} {
+    set cmd [make_arglist_safe $cmd]
+    open |[concat $cmd $redir] r
+}
+
 # End exec/open wrappers
 
 proc hasworktree {} {
@@ -9906,8 +9915,8 @@ proc resethead {} {
     bind $w <Visibility> "grab $w; focus $w"
     tkwait window $w
     if {!$confirm_ok} return
-    if {[catch {set fd [open \
-            [list | git reset --$resettype $rowmenuid 2>@1] r]} err]} {
+    if {[catch {set fd [safe_open_command_redirect \
+            [list git reset --$resettype $rowmenuid] [list 2>@1]]} err]} {
         error_popup $err
     } else {
         dohidelocalchanges
@@ -9978,7 +9987,7 @@ proc cobranch {} {
 
     # check the tree is clean first??
     set newhead $headmenuhead
-    set command [list | git checkout]
+    set command [list git checkout]
     if {[string match "remotes/*" $newhead]} {
         set remote $newhead
         set newhead [string range $newhead [expr [string last / $newhead] + 1] end]
@@ -9992,12 +10001,11 @@ proc cobranch {} {
     } else {
         lappend command $newhead
     }
-    lappend command 2>@1
     nowbusy checkout [mc "Checking out"]
     update
     dohidelocalchanges
     if {[catch {
-        set fd [open $command r]
+        set fd [safe_open_command_redirect $command [list 2>@1]]
     } err]} {
         notbusy checkout
         error_popup $err