[PATCH 09 of 10] Switch all needed commands to new-style cmd() call

jgoerzen at complete.org jgoerzen at complete.org
Sun Mar 4 13:16:17 CST 2007


# HG changeset patch
# User John Goerzen <jgoerzen at complete.org>
# Date 1173039109 21600
# Node ID c1c221249db9bd715541a9a0d2d17cecdea38ef9
# Parent  7ade700f8b5da237accfa2ce81daf71a0e41cb3d
Switch all needed commands to new-style cmd() call
These would be all the ones that could have shell quoting vulnerabilities

diff --git a/contrib/darcs2hg.py b/contrib/darcs2hg.py
--- a/contrib/darcs2hg.py
+++ b/contrib/darcs2hg.py
@@ -103,7 +103,8 @@ def darcs_tip(darcs_repo):
 
 def darcs_pull(hg_repo, darcs_repo, chash):
 	old_tip = darcs_tip(darcs_repo)
-	res     = cmd("darcs pull \"%s\" --all --match=\"hash %s\"" % (darcs_repo, chash), hg_repo)
+        res     = cmd(['darcs', 'pull', darcs_repo, '--all',
+                       '--match=hash ' + chash], hg_repo)
 	print res
 	cmd("darcs revert --all", hg_repo, silent=True)
 	new_tip = darcs_tip(darcs_repo)
@@ -122,7 +123,8 @@ def hg_commit( hg_repo, text, author, da
 	old_tip = hg_tip(hg_repo)
 	cmd("hg add -X _darcs", hg_repo)
 	cmd("hg remove -X _darcs --after", hg_repo)
-	res = cmd("hg commit -l %s -u \"%s\" -d \"%s 0\""  % (tmpfile, author, date), hg_repo)
+        res = cmd(['hg', 'commit', '-l', tmpfile, '-u', author, '-d',
+                   str(date) + ' 0'], hg_repo)
 	os.close(fd)
 	new_tip = hg_tip(hg_repo)
 	if not new_tip == old_tip + 1:
@@ -132,8 +134,8 @@ def hg_commit( hg_repo, text, author, da
                             hg_repo)
                         cmd("cat %s >> .hgempty" % tmpfile, hg_repo)
                         cmd("hg add .hgempty", hg_repo)
-                        cmd("hg commit -l %s -u \"%s\" -d \"%s 0\"" %
-                            (tmpfile, author, date), hg_repo)
+                        cmd(['hg', 'commit', '-l', tmpfile, '-u', author,
+                             '-d', str(date) + ' 0'], hg_repo)
 		else:
 			error("Mercurial commit did not work as expected: " + res)
 	os.unlink(tmpfile)
@@ -147,7 +149,7 @@ def hg_tag( hg_repo, text, author, date 
 def hg_tag( hg_repo, text, author, date ):
 	old_tip = hg_tip(hg_repo)
 	text = text.strip()
-        cmd("hg tag -u \"%s\" -d \"%s 0\" \"%s\""  % (author, date, text), hg_repo)
+        cmd(['hg', 'tag', '-u', author, '-d', str(date) + ' 0', text], hg_repo)
         new_tip = hg_tip(hg_repo)
 
 # ------------------------------------------------------------------------------
@@ -180,7 +182,7 @@ if __name__ == "__main__":
 		print "Given HG repository must not exist when no SKIP is specified."
 		sys.exit(-1)
 	if skip == None:
-		cmd("hg init \"%s\"" % (hg_repo))
+                cmd(['hg', 'init', hg_repo])
 		cmd("echo 'syntax: glob' >> .hgignore", hg_repo)
 		cmd("echo _darcs >> .hgignore", hg_repo)
 		cmd("darcs initialize", hg_repo)



More information about the Mercurial-devel mailing list