gnulib-tool.py: Quote file names passed to 'patch'.

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnulib-tool.py: Quote file names passed to 'patch'.

From:	Collin Funk
Subject:	gnulib-tool.py: Quote file names passed to 'patch'.
Date:	Wed, 1 May 2024 21:34:50 -0700
User-agent:	Mozilla Thunderbird

I noticed that the file names when running 'patch' on test-driver
weren't quoted. I guess that would cause problems in practice if you
used spaces in directories, which I have my own opinions on. :)

Since we assume POSIX shells we can just use shlex.quote() to deal
with any theoretical shell injections too [1]. In practice I don't
think that should ever be a problem.

I've applied the attached patch.

[1] https://docs.python.org/3/library/shlex.html#shlex.quote

Collin

0001-gnulib-tool.py-Quote-file-names-passed-to-patch.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

gnulib-tool.py: Quote file names passed to 'patch'., Collin Funk <=
- Re: gnulib-tool.py: Quote file names passed to 'patch'., Bruno Haible, 2024/05/02

Prev by Date: Re: Adding Cygwin and MSYS2 to DEPENDENCIES
Next by Date: gnulib-tool.py: Don't leave temporary directories on exit.
Previous by thread: Adding Cygwin and MSYS2 to DEPENDENCIES
Next by thread: Re: gnulib-tool.py: Quote file names passed to 'patch'.
Index(es):
- Date
- Thread