gitk: sanitize 'open' arguments: simple commands, readable and writable

As in the previous commits, introduce a function that sanitizes
arguments and also keeps the returned file handle writable to pass
data to stdin.

Signed-off-by: Johannes Sixt <[email protected]>
Signed-off-by: Taylor Blau <[email protected]>

Author: j6t

gitk

@@ -66,6 +66,13 @@ proc safe_open_command {cmd} {
     open |[make_arglist_safe $cmd] r
 }
 
+# opens a command pipeline for reading and writing
+# cmd is a list that specifies the command and its arguments
+# calls `open` and returns the file id
+proc safe_open_command_rw {cmd} {
+    open |[make_arglist_safe $cmd] r+
+}
+
 # opens a command pipeline for reading with redirections
 # cmd is a list that specifies the command and its arguments
 # redir is a list that specifies redirections
@@ -4897,8 +4904,8 @@ proc do_file_hl {serial} {
         # must be "containing:", i.e. we're searching commit info
         return
     }
-    set cmd [concat | git diff-tree -r -s --stdin $gdtargs]
-    set filehighlight [open $cmd r+]
+    set cmd [concat git diff-tree -r -s --stdin $gdtargs]
+    set filehighlight [safe_open_command_rw $cmd]
     fconfigure $filehighlight -blocking 0
     filerun $filehighlight readfhighlight
     set fhl_list {}