gitk: sanitize 'open' arguments: revisit recently updated 'open' calls

The previous commits bb5cb23daf (gitk: prevent overly long command lines, 2023-01-24) rewrote a set of the 'open' calls substantially. These were then later updated by 7dd272eca1 (gitk: escape file paths before piping to git log, 2023-01-24) and d5d1b91e5327 (gitk: encode arguments correctly with "open", 2025-03-07). In the preceding merge, the conversions to a safe_open variant were undone to ensure that the principal operation of the new 'open' calls is not modified by accident. Since the 'open' calls now pass a redirection from a Tcl string as stdin, convert the calls to 'safe_open_command_redirect'. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Taylor Blau <me@ttaylorr.com>
2026-01-11 02:32:58 +00:00 · 2025-03-29 18:49:05 +01:00
parent d7bc50cece
commit 67a128b91e
1 changed files with 9 additions and 8 deletions
--- a/17
+++ b/17
@@ -498,9 +498,9 @@ proc start_rev_list {view} {
    }

    if {[catch {
-        set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \
-                        --parents --boundary $args --stdin \
-                        [list "<<[join [concat $revs "--" $files] "\n"]"]] r]
+        set fd [safe_open_command_redirect [concat git log --no-color -z --pretty=raw $show_notes \
+                        --parents --boundary $args --stdin] \
+                        [list "<<[join [concat $revs "--" $files] "\n"]"]]
    } err]} {
        error_popup "[mc "Error executing git log:"] $err"
        return 0
@@ -651,9 +651,9 @@ proc updatecommits {} {
        set args $vorigargs($view)
    }
    if {[catch {
-        set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \
-                        --parents --boundary $args --stdin \
-                        [list "<<[join [concat $revs "--" $vfilelimit($view)] "\n"]"]] r]
+        set fd [safe_open_command_redirect [concat git log --no-color -z --pretty=raw $show_notes \
+                        --parents --boundary $args --stdin] \
+                        [list "<<[join [concat $revs "--" $vfilelimit($view)] "\n"]"]]
    } err]} {
        error_popup "[mc "Error executing git log:"] $err"
        return
@@ -10322,10 +10322,11 @@ proc getallcommits {} {
    if {$ids ne {}} {
        if {$ids eq "--all"} {
            set cmd [concat $cmd "--all"]
+            set fd [safe_open_command $cmd]
        } else {
-            set cmd [concat $cmd --stdin [list "<<[join $ids "\n"]"]]
+            set cmd [concat $cmd --stdin]
+            set fd [safe_open_command_redirect $cmd [list "<<[join $ids "\n"]"]]
        }
-        set fd [open $cmd r]
        fconfigure $fd -blocking 0
        incr allcommits
        nowbusy allcommits