Edit report at http://pear.php.net/bugs/bug.php?id=18879&edit=1

ID: 18879
Updated by: gsherwood@squiz.net
Reported By: bjorn at hcbmedia dot nl
Summary: phpcs-svn-pre-commit requires escapeshellarg
-Status: Open
+Status: Closed
Type: Bug
Package: PHP_CodeSniffer
Operating System: Ubuntu 10.04 & Centos 5.4
Package Version: 1.3.0
PHP Version: 5.2.12
-Assigned To:
+Assigned To: squiz
Roadmap Versions:
New Comment:

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: squiz
This bug has been fixed in SVN.

If this was a documentation problem, the fix will appear on pear.php.net
by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should
be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

Thanks for the patch.

Previous Comments:

[2011-09-28 10:46:09] bjorn

there are some popen calls in the phpcs-svn-pre-commit script however
arguments aren't escaped.

affected lines are:

72: $values['svnArgs'][] = $arg;
needs to be
$values['svnArgs'][] = escapeshellarg($arg);

168: $command = PHP_CODESNIFFER_SVNLOOK.' cat '.implode(' ',
$values['svnArgs']).' '.$path;
needs to be
$command = PHP_CODESNIFFER_SVNLOOK.' cat '.implode(' ',
$values['svnArgs']).' '.escapeshellarg($path);


Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
postedOct 7, '11 at 12:42a
activeOct 7, '11 at 12:42a

1 user in discussion

Gsherwood: 1 post



site design / logo © 2022 Grokbase