gitk: sanitize 'open' arguments: revisit recently updated 'open' calls

j6t · ttaylorr · commit 67a128b91e25 · 2025-05-23T17:04:23.000-04:00
The previous commits bb5cb23 (gitk: prevent overly long command lines, 2023-01-24) rewrote a set of the 'open' calls substantially. These were then later updated by 7dd272e (gitk: escape file paths before piping to git log, 2023-01-24) and d5d1b91e5327 (gitk: encode arguments correctly with "open", 2025-03-07). In the preceding merge, the conversions to a safe_open variant were undone to ensure that the principal operation of the new 'open' calls is not modified by accident. Since the 'open' calls now pass a redirection from a Tcl string as stdin, convert the calls to 'safe_open_command_redirect'. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Taylor Blau <me@ttaylorr.com>
diff --git a/gitk b/gitk
@@ -498,9 +498,9 @@ proc start_rev_list {view} {
     }
 
     if {[catch {
-        set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \
-                        --parents --boundary $args --stdin \
-                        [list "<<[join [concat $revs "--" $files] "\n"]"]] r]
+        set fd [safe_open_command_redirect [concat git log --no-color -z --pretty=raw $show_notes \
+                        --parents --boundary $args --stdin] \
+                        [list "<<[join [concat $revs "--" $files] "\n"]"]]
     } err]} {
         error_popup "[mc "Error executing git log:"] $err"
         return 0
@@ -651,9 +651,9 @@ proc updatecommits {} {
         set args $vorigargs($view)
     }
     if {[catch {
-        set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \
-                        --parents --boundary $args --stdin \
-                        [list "<<[join [concat $revs "--" $vfilelimit($view)] "\n"]"]] r]
+        set fd [safe_open_command_redirect [concat git log --no-color -z --pretty=raw $show_notes \
+                        --parents --boundary $args --stdin] \
+                        [list "<<[join [concat $revs "--" $vfilelimit($view)] "\n"]"]]
     } err]} {
         error_popup "[mc "Error executing git log:"] $err"
         return
@@ -10322,10 +10322,11 @@ proc getallcommits {} {
     if {$ids ne {}} {
         if {$ids eq "--all"} {
             set cmd [concat $cmd "--all"]
+            set fd [safe_open_command $cmd]
         } else {
-            set cmd [concat $cmd --stdin [list "<<[join $ids "\n"]"]]
+            set cmd [concat $cmd --stdin]
+            set fd [safe_open_command_redirect $cmd [list "<<[join $ids "\n"]"]]
         }
-        set fd [open $cmd r]
         fconfigure $fd -blocking 0
         incr allcommits
         nowbusy allcommits
