From: Johannes Sixt <j6t@kdbg.org>
Date: Fri, 21 Mar 2025 22:34:14 +0000 (+0100)
Subject: gitk: sanitize 'open' arguments: simple commands, readable and writable
X-Git-Tag: v2.43.7~4^2~2^2~1^2~2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=2aeb4484a046a545fb540ba07397b25b13fe6881;p=thirdparty%2Fgit.git

gitk: sanitize 'open' arguments: simple commands, readable and writable

As in the previous commits, introduce a function that sanitizes
arguments and also keeps the returned file handle writable to pass
data to stdin.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
---

diff --git a/gitk b/gitk
index 68d6bfd61f..22da6a811c 100755
--- a/gitk
+++ b/gitk
@@ -66,6 +66,13 @@ proc safe_open_command {cmd} {
     open |[make_arglist_safe $cmd] r
 }
 
+# opens a command pipeline for reading and writing
+# cmd is a list that specifies the command and its arguments
+# calls `open` and returns the file id
+proc safe_open_command_rw {cmd} {
+    open |[make_arglist_safe $cmd] r+
+}
+
 # opens a command pipeline for reading with redirections
 # cmd is a list that specifies the command and its arguments
 # redir is a list that specifies redirections
@@ -4897,8 +4904,8 @@ proc do_file_hl {serial} {
         # must be "containing:", i.e. we're searching commit info
         return
     }
-    set cmd [concat | git diff-tree -r -s --stdin $gdtargs]
-    set filehighlight [open $cmd r+]
+    set cmd [concat git diff-tree -r -s --stdin $gdtargs]
+    set filehighlight [safe_open_command_rw $cmd]
     fconfigure $filehighlight -blocking 0
     filerun $filehighlight readfhighlight
     set fhl_list {}