Bug #18879 :: phpcs-svn-pre-commit requires escapeshellarg

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 3.7.2

Bug #18879	phpcs-svn-pre-commit requires escapeshellarg
Submitted:	2011-09-28 14:46 UTC
From:	bjorn	Assigned:	squiz
Status:	Closed	Package:	PHP_CodeSniffer (version 1.3.0)
PHP Version:	5.2.12	OS:	Ubuntu 10.04 & Centos 5.4
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Add Comment Add patch

[2011-09-28 14:46 UTC] bjorn (Björn Katuin)

Description:
------------
there are some popen calls in the phpcs-svn-pre-commit script however arguments aren't escaped.

affected lines are:

72: 	$values['svnArgs'][] = $arg;
needs to be
$values['svnArgs'][] = escapeshellarg($arg);

168: 	$command = PHP_CODESNIFFER_SVNLOOK.' cat '.implode(' ', $values['svnArgs']).' '.$path;
needs to be
$command = PHP_CODESNIFFER_SVNLOOK.' cat '.implode(' ', $values['svnArgs']).' '.escapeshellarg($path);

Comments

[2011-10-07 06:43 UTC] squiz (Greg Sherwood)

-Status:      Open
+Status:      Closed
-Assigned To:
+Assigned To: squiz
This bug has been fixed in SVN.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

Thanks for the patch.