Author: brane
Date: Sun May 26 20:24:29 2013
New Revision: 1486467
URL: http://svn.apache.org/r1486467
Log:
* tools/server-side/svnpubsub/revprop-change-hook.py (svncmd):
Do not pass command through the shell to avoid shell command injection.
Modified:
subversion/trunk/tools/server-side/svnpubsub/revprop-change-hook.py
Modified: subversion/trunk/tools/server-side/svnpubsub/revprop-change-hook.py
URL:
http://svn.apache.org/viewvc/subversion/trunk/tools/server-side/svnpubsub/revprop-change-hook.py?rev=1486467&r1=1486466&r2=1486467&view=diff
==============================================================================
--- subversion/trunk/tools/server-side/svnpubsub/revprop-change-hook.py
(original)
+++ subversion/trunk/tools/server-side/svnpubsub/revprop-change-hook.py Sun May
26 20:24:29 2013
@@ -32,7 +32,7 @@ except ImportError:
import urllib2
def svncmd(cmd):
- return subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
+ return subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE)
def svncmd_uuid(repo):
cmd = "%s uuid %s" % (SVNLOOK, repo)
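Review bot: With `shell=False`, the string that `svncmd_uuid` still builds on the following context line (`cmd = "%s uuid %s" % (SVNLOOK, repo)`) is treated on POSIX as the name of a single executable, so the call will fail to launch instead of running `svnlook uuid`. The callers need to pass an argument list, e.g. `cmd = [SVNLOOK, 'uuid', repo]`, which also keeps a repository path containing spaces or shell metacharacters as one argument. `svncmd_uuid` continues past the hunk and the other callers of `svncmd` are not visible here, so each should be checked for the same string-building pattern. A short docstring on `svncmd` stating that `cmd` must be a sequence of arguments would keep later callers from reintroducing a formatted string.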