Author: danielsh
Date: Mon Feb 12 16:12:20 2018
New Revision: 1824001

URL: http://svn.apache.org/viewvc?rev=1824001&view=rev
Log:
Merge r1823966 from trunk, with --accept=working:

 * r1823966
   Shelving: fix unsafe 'system' calls.
   Justification:
     Avoids potential command-line-quoting-safety issues.
   Notes:
     --accept=working
   Votes:
     +1: julianfoad, danielsh, stsp

Modified:
    subversion/branches/1.10.x/   (props changed)
    subversion/branches/1.10.x/STATUS
    subversion/branches/1.10.x/subversion/svn/shelve-cmd.c

Propchange: subversion/branches/1.10.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb 12 16:12:20 2018
@@ -100,4 +100,4 @@
 /subversion/branches/verify-at-commit:1462039-1462408
 /subversion/branches/verify-keep-going:1439280-1546110
 /subversion/branches/wc-collate-path:1402685-1480384
-/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822996,1823202-1823203,1823327,1823989
+/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822996,1823202-1823203,1823327,1823966,1823989

Modified: subversion/branches/1.10.x/STATUS
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.10.x/STATUS?rev=1824001&r1=1824000&r2=1824001&view=diff
==============================================================================
--- subversion/branches/1.10.x/STATUS (original)
+++ subversion/branches/1.10.x/STATUS Mon Feb 12 16:12:20 2018
@@ -20,12 +20,3 @@ Veto-blocked changes:
 
 Approved changes:
 =================
-
- * r1823966
-   Shelving: fix unsafe 'system' calls.
-   Justification:
-     Avoids potential command-line-quoting-safety issues.
-   Notes:
-     --accept=working
-   Votes:
-     +1: julianfoad, danielsh, stsp

Modified: subversion/branches/1.10.x/subversion/svn/shelve-cmd.c
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/svn/shelve-cmd.c?rev=1824001&r1=1824000&r2=1824001&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/svn/shelve-cmd.c (original)
+++ subversion/branches/1.10.x/subversion/svn/shelve-cmd.c Mon Feb 12 16:12:20 
2018
@@ -84,6 +84,36 @@ list_sorted_by_date(apr_array_header_t *
   return SVN_NO_ERROR;
 }
 
+#ifndef WIN32
+/* Run CMD with ARGS.
+ * Send its stdout to the parent's stdout. Disconnect its stdin and stderr.
+ */
+static svn_error_t *
+run_cmd(const char *cmd,
+        const char *const *args,
+        apr_pool_t *scratch_pool)
+{
+  apr_status_t apr_err;
+  apr_file_t *outfile;
+  svn_error_t *err;
+  int exitcode;
+
+  apr_err = apr_file_open_stdout(&outfile, scratch_pool);
+  if (apr_err)
+    return svn_error_wrap_apr(apr_err, "Can't open stdout");
+
+  err = svn_io_run_cmd(NULL /*path*/, cmd, args,
+                       &exitcode, NULL /*exitwhy*/,
+                       TRUE /*inherit*/,
+                       NULL /*infile*/, outfile, NULL /*errfile*/,
+                       scratch_pool);
+  if (err || exitcode)
+    return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM, err,
+                             _("Could not run external command '%s'"), cmd);
+  return SVN_NO_ERROR;
+}
+#endif
+
 /* Display a list of shelved changes */
 static svn_error_t *
 shelves_list(const char *local_abspath,
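Review bot: The header comment on run_cmd promises that stdin and stderr are disconnected, but the body only passes NULL for infile and errfile to svn_io_run_cmd, and the hunk does not show whether NULL closes those handles or lets the child inherit the parent's. The replaced system() call sent stderr to /dev/null explicitly, so this is worth confirming, and the comment should be adjusted if the child does inherit them. The comment should also record the helper's trust assumptions, for example `CMD, if not an absolute path, is looked up via PATH in the caller's environment (inherit=TRUE); ARGS is an argv vector and is never parsed by a shell.` Separately, `if (err || exitcode)` reports "Could not run external command" even when the program ran and exited nonzero, so including the exit code in that message would make failures easier to diagnose.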
@@ -120,10 +150,17 @@ shelves_list(const char *local_abspath,
       if (diffstat)
         {
 #ifndef WIN32
-          int result = system(apr_psprintf(scratch_pool,
-                                           "diffstat -p0 %s 2> /dev/null",
-                                           info->patch_path));
-          if (result == 0)
+          const char *args[4];
+          svn_error_t *err;
+
+          args[0] = "diffstat";
+          args[1] = "-p0";
+          args[2] = info->patch_path;
+          args[3] = NULL;
+          err = run_cmd("diffstat", args, scratch_pool);
+          if (err)
+            svn_error_clear(err);
+          else
             SVN_ERR(svn_cmdline_printf(scratch_pool,
                                        "\n"));
 #endif
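Review bot: `svn_error_clear(err)` in the diffstat branch drops every failure from run_cmd without a trace, so a missing diffstat binary and one that failed on the patch are indistinguishable. If that best-effort behaviour is intended, say so with a comment such as `/* diffstat is optional; ignore failure to run it */` above the clear. Passing `info->patch_path` as its own argv element removes the shell-quoting problem, but diffstat would still treat a value beginning with '-' as an option. Presumably patch_path is always an absolute path, which is worth confirming or stating in a comment. The body of shelves_list starts and ends outside this hunk.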

