gitk: sanitize 'open' arguments: simple commands, readable and writable

As in the previous commits, introduce a function that sanitizes
arguments and also keeps the returned file handle writable to pass
data to stdin.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Taylor Blau <me@ttaylorr.com>

diff --git a/gitk b/gitk
index 68d6bfd61f5f84a0a3e9884309470f1dac2354a7..22da6a811c2081f542365154d576fc0cd81e53c3 100755 (executable)
--- a/gitk
+++ b/gitk
@@ -66,6 +66,13 @@ proc safe_open_command {cmd} {
     open |[make_arglist_safe $cmd] r
 }
 
+# opens a command pipeline for reading and writing
+# cmd is a list that specifies the command and its arguments
+# calls `open` and returns the file id
+proc safe_open_command_rw {cmd} {
+    open |[make_arglist_safe $cmd] r+
+}
+
 # opens a command pipeline for reading with redirections
 # cmd is a list that specifies the command and its arguments
 # redir is a list that specifies redirections
@@ -4897,8 +4904,8 @@ proc do_file_hl {serial} {
         # must be "containing:", i.e. we're searching commit info
         return
     }
-    set cmd [concat | git diff-tree -r -s --stdin $gdtargs]
-    set filehighlight [open $cmd r+]
+    set cmd [concat git diff-tree -r -s --stdin $gdtargs]
+    set filehighlight [safe_open_command_rw $cmd]
     fconfigure $filehighlight -blocking 0
     filerun $filehighlight readfhighlight
     set fhl_list {}