From: Johannes Sixt <j6t@kdbg.org>
Date: Sun, 23 Mar 2025 21:45:39 +0000 (+0100)
Subject: gitk: sanitize 'open' arguments: command pipeline
X-Git-Tag: v2.43.7~4^2~2^2~1^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=026c397d911cde55924d7eb1311d0fd6e2e105d5;p=thirdparty%2Fgit.git

gitk: sanitize 'open' arguments: command pipeline

As in the earlier commits, introduce a function that constructs a
pipeline of commands after sanitizing the arguments.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---

diff --git a/gitk b/gitk
index 2e37ddea96..9bd226ec83 100755
--- a/gitk
+++ b/gitk
@@ -82,6 +82,17 @@ proc safe_open_command_redirect {cmd redir} {
     open |[concat $cmd $redir] r
 }
 
+# opens a pipeline with several commands for reading
+# cmds is a list of lists, each of which specifies a command and its arguments
+# calls `open` and returns the file id
+proc safe_open_pipeline {cmds} {
+    set cmd {}
+    foreach subcmd $cmds {
+        set cmd [concat $cmd | [make_arglist_safe $subcmd]]
+    }
+    open $cmd r
+}
+
 # End exec/open wrappers
 
 proc hasworktree {} {
@@ -3970,14 +3981,14 @@ proc show_line_source {} {
     set blamefile [file join $cdup $flist_menu_file]
     if {$from_index ne {}} {
         set blameargs [list \
-            | git cat-file blob $from_index \
-            | git blame -p -L$line,+1 --contents - -- $blamefile]
+            [list git cat-file blob $from_index] \
+            [list git blame -p -L$line,+1 --contents - -- $blamefile]]
     } else {
         set blameargs [list \
-            | git blame -p -L$line,+1 $id -- $blamefile]
+            [list git blame -p -L$line,+1 $id -- $blamefile]]
     }
     if {[catch {
-        set f [open $blameargs r]
+        set f [safe_open_pipeline $blameargs]
     } err]} {
         error_popup [mc "Couldn't start git blame: %s" $err]
         return