From 8fe7861c5185248a5786e87af71e29000cd4f214 Mon Sep 17 00:00:00 2001
From: Mark Levedahl
Date: Fri, 11 Apr 2025 10:08:52 -0400
Subject: [PATCH] git-gui: assure PATH has only absolute elements.

Since 8f23432b38d9 (windows: ignore empty `PATH` elements, 2022-11-23), git-gui excises all empty paths from $PATH, but still allows '.' or other relative paths, which can also allow executing code from the repository. Let's remove anything except absolute elements. While here, let's remove duplicated elements, which are very common on Windows: only the first such item can do anything except waste time repeating a search.

Signed-off-by: Mark Levedahl
Signed-off-by: Johannes Sixt
Signed-off-by: Taylor Blau
---
 git-gui.sh | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/git-gui.sh b/git-gui.sh
index 570c236f57..9ccd888930 100755
--- a/git-gui.sh
+++ b/git-gui.sh
@@ -88,10 +88,22 @@ proc _which {what args} {
 set gitguidir [file dirname [info script]]
 regsub -all ";" $gitguidir "\\;" gitguidir
 set env(PATH) "$gitguidir;$env(PATH)"
- set _search_path [split $env(PATH) {;}]
- # Skip empty `PATH` elements
- set _search_path [lsearch -all -inline -not -exact \
- $_search_path ""]
+
+ set _path_seen [dict create]
+ foreach p [split $env(PATH) {;}] {
+ # Keep only absolute paths, getting rid of ., empty, etc.
+ if {[file pathtype $p] ne {absolute}} {
+ continue
+ }
+ # Keep only the first occurence of any duplicates.
+ set norm_p [file normalize $p]
+ if {[dict exists $_path_seen $norm_p]} {
+ continue
+ }
+ dict set _path_seen $norm_p 1
+ lappend _search_path $norm_p
+ }
+ unset _path_seen
 set _search_exe .exe
 } else {
 set _search_path [split $env(PATH) :]
-- 
2.47.3
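Review bot: The absolute-only filter covers just the Windows branch and just `_search_path`: the `else` branch in the trailing context still does `set _search_path [split $env(PATH) :]`, and `env(PATH)` itself keeps the unfiltered value that child processes inherit. If relative elements are a concern on other platforms as well, the same loop should run for both separators, and the cleaned list should be written back, e.g. `set env(PATH) [join $_search_path {;}]` after `unset _path_seen`. Separately, `_search_path` is only ever built with `lappend` here, so it appears to stay undefined when every element is rejected; `set _search_path {}` before the `foreach` would avoid that. The enclosing `if`/`else` starts and ends outside the hunk, so whether later code already handles these cases cannot be seen from here.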