From: Johannes Sixt Date: Sat, 29 Mar 2025 16:35:19 +0000 (+0100) Subject: gitk: sanitize 'exec' arguments: redirect to process X-Git-Tag: v2.43.7~4^2~2^2~1^2~5 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=30846b43060c3d57575b59b9aaa80c4bd1688171;p=thirdparty%2Fgit.git gitk: sanitize 'exec' arguments: redirect to process Convert one 'exec' call that sends output to a process (pipeline). Fortunately, the command does not contain any variables. For this reason, just treat it as a "redirection". Signed-off-by: Johannes Sixt Signed-off-by: Taylor Blau
---
diff --git a/gitk b/gitk
index c0d793f05d..9673e56abd 100755
--- a/gitk
+++ b/gitk
@@ -43,7 +43,7 @@ proc safe_exec {cmd} {
 # executes one command with redirections
 # no pipelines are possible
 # cmd is a list that specifies the command and its arguments
-# redir is a list that specifies redirections (output, background)
+# redir is a list that specifies redirections (output, background, constant(!) commands)
 # calls `exec` and returns its value
 proc safe_exec_redirect {cmd redir} {
 eval exec [make_arglist_safe $cmd] $redir
@@ -9120,7 +9120,7 @@ proc getpatchid {id} {
 if {![info exists patchids($id)]} {
 set cmd [diffcmd [list $id] {-p --root}]
 if {[catch {
- set x [eval exec $cmd | git patch-id]
+ set x [safe_exec_redirect $cmd [list | git patch-id]]
 set patchids($id) [lindex $x 0]
 }]} {
 set patchids($id) "error"
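Review bot: The updated comment above `safe_exec_redirect` says `constant(!) commands` but does not say why the restriction exists: in the body, `$redir` is spliced into `eval exec` as-is, while only `$cmd` goes through `make_arglist_safe`. I would spell that out, e.g. `# redir is passed to exec unsanitized: only literal redirections and constant commands, never variable or repository-derived words`. The new call in the `getpatchid` hunk (`[list | git patch-id]`) depends on the same rule and could carry a one-line `# pipeline tail must stay constant; it bypasses make_arglist_safe`. The closing brace of `safe_exec_redirect` lies outside the hunk and `make_arglist_safe` is not shown, so what it escapes is assumed from its name.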