Merge pull request kbjr#7 from woolfg/escapedarguments

kbjr · kbjr · commit 2075583643c6 · 2012-11-11T11:28:08.000-08:00
commit message shellescaped, thus, injection is prevented
diff --git a/CI_Git.php b/CI_Git.php
@@ -263,7 +263,7 @@ public function add($files = "*") {
 	 * @return  string
 	 */	
 	public function commit($message = "") {
-		return $this->run("commit -av -m \"$message\"");
+		return $this->run("commit -av -m ".escapeshellarg($message));
 	}
 
 	/**
diff --git a/Git.php b/Git.php
@@ -256,7 +256,7 @@ public function add($files = "*") {
 	 * @return  string
 	 */
 	public function commit($message = "") {
-		return $this->run("commit -av -m \"$message\"");
+		return $this->run("commit -av -m ".escapeshellarg($message));
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -263,7 +263,7 @@ public function add($files = "*") {`
`263`	`263`	`* @return string`
`264`	`264`	`*/`
`265`	`265`	`public function commit($message = "") {`
`266`		`- return $this->run("commit -av -m \"$message\"");`
	`266`	`+ return $this->run("commit -av -m ".escapeshellarg($message));`
`267`	`267`	`}`
`268`	`268`
`269`	`269`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -256,7 +256,7 @@ public function add($files = "*") {`
`256`	`256`	`* @return string`
`257`	`257`	`*/`
`258`	`258`	`public function commit($message = "") {`
`259`		`- return $this->run("commit -av -m \"$message\"");`
	`259`	`+ return $this->run("commit -av -m ".escapeshellarg($message));`
`260`	`260`	`}`
`261`	`261`
`262`	`262`	`/**`