git-gui: sanitize $PATH on all platforms

Since 8f23432b38d9 (windows: ignore empty `PATH` elements, 2022-11-23),
git-gui removes empty elements from $PATH, and a prior commit made this
remove all non-absolute elements from $PATH. But, this happens only on
Windows. Unsafe $PATH elements in $PATH are possible on all platforms.
Let's sanitize $PATH on all platforms to have consistent behavior. If a
user really wants the current repository on $PATH, they can add its
absolute name to $PATH.

Signed-off-by: Mark Levedahl <mlevedahl@gmail.com>
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Taylor Blau <me@ttaylorr.com>

diff --git a/git-gui.sh b/git-gui.sh
index 9ccd88893030f096dff60abdbe8e7ccf6dfb5f5c..217aeb9ce3a7b5e35a777cc21dcbf0b9e0ca344b 100755 (executable)
--- a/git-gui.sh
+++ b/git-gui.sh
@@ -77,39 +77,43 @@ proc is_Cygwin {} {
 
 ######################################################################
 ##
-## PATH lookup
+## PATH lookup. Sanitize $PATH, assure exec/open use only that
 
-set _search_path {}
-proc _which {what args} {
-       global env _search_exe _search_path
+if {[is_Windows]} {
+       set _path_sep {;}
+       set _search_exe .exe
+} else {
+       set _path_sep {:}
+       set _search_exe {}
+}
 
-       if {$_search_path eq {}} {
-               if {[is_Windows]} {
-                       set gitguidir [file dirname [info script]]
-                       regsub -all ";" $gitguidir "\\;" gitguidir
-                       set env(PATH) "$gitguidir;$env(PATH)"
-
-                       set _path_seen [dict create]
-                       foreach p [split $env(PATH) {;}] {
-                               # Keep only absolute paths, getting rid of ., empty, etc.
-                               if {[file pathtype $p] ne {absolute}} {
-                                       continue
-                               }
-                               # Keep only the first occurence of any duplicates.
-                               set norm_p [file normalize $p]
-                               if {[dict exists $_path_seen $norm_p]} {
-                                       continue
-                               }
-                               dict set _path_seen $norm_p 1
-                               lappend _search_path $norm_p
-                       }
-                       unset _path_seen
-                       set _search_exe .exe
-               } else {
-                       set _search_path [split $env(PATH) :]
-                       set _search_exe {}
-               }
+if {[is_Windows]} {
+       set gitguidir [file dirname [info script]]
+       regsub -all ";" $gitguidir "\\;" gitguidir
+       set env(PATH) "$gitguidir;$env(PATH)"
+}
+
+set _search_path {}
+set _path_seen [dict create]
+foreach p [split $env(PATH) $_path_sep] {
+       # Keep only absolute paths, getting rid of ., empty, etc.
+       if {[file pathtype $p] ne {absolute}} {
+               continue
        }
+       # Keep only the first occurence of any duplicates.
+       set norm_p [file normalize $p]
+       if {[dict exists $_path_seen $norm_p]} {
+               continue
+       }
+       dict set _path_seen $norm_p 1
+       lappend _search_path $norm_p
+}
+unset _path_seen
+
+set env(PATH) [join $_search_path $_path_sep]
+
+proc _which {what args} {
+       global _search_exe _search_path
 
        if {[is_Windows] && [lsearch -exact $args -script] >= 0} {
                set suffix {}