authorNigel Kukard <nkukard@lbsd.net>2013-11-04 22:06:27 +0000
committerNigel Kukard <nkukard@lbsd.net>2013-11-04 22:09:03 +0000
commitc46eaca91247ccf8e6fb3b691dad028e1b084ae3 (patch)
treefaed085ef880760223d9b702ed7399fe84062b83 /lib/backup/repository.rb
parentee0e9830c1c1e4c54fd0b18fadef50f76c3680a4 (diff)
More escaping
- Database name may contain characters which are not shell friendly - Database password could contain the same - While we are at it, there is no harm in escaping generated paths too - Refactored 2-line system(command) Signed-off-by: Nigel Kukard <nkukard@lbsd.net>
Diffstat (limited to 'lib/backup/repository.rb')
-rw-r--r--lib/backup/repository.rb9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/backup/repository.rb b/lib/backup/repository.rb
index 252201f11be..3649ff99d24 100644
--- a/lib/backup/repository.rb
+++ b/lib/backup/repository.rb
@@ -1,4 +1,5 @@
require 'yaml'
+require 'shellwords'
module Backup
class Repository
@@ -18,7 +19,7 @@ module Backup
# Create namespace dir if missing
FileUtils.mkdir_p(File.join(backup_repos_path, project.namespace.path)) if project.namespace
- if system("cd #{path_to_repo(project)} > /dev/null 2>&1 && git bundle create #{path_to_bundle(project)} --all > /dev/null 2>&1")
+ if system("cd #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1 && git bundle create #{Shellwords.shellescape(path_to_bundle(project))} --all > /dev/null 2>&1")
puts "[DONE]".green
else
puts "[FAILED]".red
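Review bot: The new `system` call for the project bundle is still a single string that the shell parses, so its safety depends on every interpolated value being escaped, both now and in any later edit. Passing the arguments as a list avoids the shell altogether and makes the escaping unnecessary: `system('git', 'bundle', 'create', path_to_bundle(project), '--all', chdir: path_to_repo(project), out: File::NULL, err: File::NULL)`. The same applies to the wiki bundle call and to both `git clone --bare` calls in the later hunks. The enclosing method starts and ends outside this hunk, so how the result is used beyond the `[DONE]`/`[FAILED]` print cannot be seen here.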
@@ -30,7 +31,7 @@ module Backup
print " * #{wiki.path_with_namespace} ... "
if wiki.empty?
puts " [SKIPPED]".cyan
- elsif system("cd #{path_to_repo(wiki)} > /dev/null 2>&1 && git bundle create #{path_to_bundle(wiki)} --all > /dev/null 2>&1")
+ elsif system("cd #{Shellwords.shellescape(path_to_repo(wiki))} > /dev/null 2>&1 && git bundle create #{Shellwords.shellescape(path_to_bundle(wiki))} --all > /dev/null 2>&1")
puts " [DONE]".green
else
puts " [FAILED]".red
@@ -53,7 +54,7 @@ module Backup
project.namespace.ensure_dir_exist if project.namespace
- if system("git clone --bare #{path_to_bundle(project)} #{path_to_repo(project)} > /dev/null 2>&1")
+ if system("git clone --bare #{Shellwords.shellescape(path_to_bundle(project))} #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1")
puts "[DONE]".green
else
puts "[FAILED]".red
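Review bot: `Shellwords.shellescape` neutralises shell metacharacters, but it does not stop git from reading a value as an option. Both paths on the new `git clone --bare` line are positional, so a value beginning with `-` would still be parsed as a flag after escaping. Whether that can occur depends on `path_to_bundle` and `path_to_repo`, which are defined outside the hunk; if they always return absolute paths, this is hardening only. An end-of-options marker makes the intent explicit: `system("git clone --bare -- #{Shellwords.shellescape(path_to_bundle(project))} #{Shellwords.shellescape(path_to_repo(project))} > /dev/null 2>&1")`. The wiki restore call in the next hunk has the same shape.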
@@ -63,7 +64,7 @@ module Backup
if File.exists?(path_to_bundle(wiki))
print " * #{wiki.path_with_namespace} ... "
- if system("git clone --bare #{path_to_bundle(wiki)} #{path_to_repo(wiki)} > /dev/null 2>&1")
+ if system("git clone --bare #{Shellwords.shellescape(path_to_bundle(wiki))} #{Shellwords.shellescape(path_to_repo(wiki))} > /dev/null 2>&1")
puts " [DONE]".green
else
puts " [FAILED]".red