util.system & friends & quoting
Mads Kiilerich
mads at kiilerich.com
Tue Mar 9 07:17:57 CST 2010
When investigating issue2076 I was reminded about some issues with
util.system and quoting. What is the current take and direction of this?
The goal is that it should be possible to use paths with spaces
everywhere, right? And also with quotes and backslash (with posix
semantics)? And also national characters? (Naaah - "ø" will never work
on windows ...)
util.system executes a command _line_ string, right? So its cmd
parameter should be properly escaped for the platforms shell, preferably
using util.shellquote?
The quoting introduced in a8c0365b2ace is thus (at least now) invalid?
(Unfortunately I didn't dare to touch it in 4368f582c806.) Currently I
can't explain why multi-argument commands works at all on windows - it
must be due to its misguiding friendliness which causes it to fail
strangely in some situations - such as issue2076.
It seems like the following uses of util.system or util.popen needs fixing:
filemerge: quote merge commands and parameters correctly
sshrepo initialization: we don't know the server platform, so perhaps
sshcmd must be escaped by the user? And what about the path?
ui.edit: We should escape editor path and file path properly.
convert.cvs: quotecommand looks suspicious - if it is right it should be
a part of util.popen2.
convert.git and p4: Escape properly
bugzilla notify seems to be unix only?
patchbomb and pager?
It should be made clear in the documentation that bisect and hook
commands are full shell command lines and must be properly escaped.
- and convert.gnuarch (and some other places) should probably use
util.system or popen.
Comments?
/Mads
More information about the Mercurial-devel
mailing list