Modify

Opened 4 years ago

Closed 4 years ago

#517 closed defect (wontfix)

SVN base task doesn't escape all parameters properly

Reported by: Alexandre Nion <alexandre.nion@…> Owned by: mrook
Priority: minor Milestone: 2.4.3
Component: phing-tasks-ext Version: 2.4.2
Keywords: svn Cc:

Description

Seems that there is a problem with some SVN tasks (at least Svn export but I guess some others may be concerned) and special chars.

For an example if you try to export a file in a directory whose name integrates such a character (ie a space), your export will fail as SVN won't be able to process the arguments correctly. Simple test target :

<target name="test-export"> <svnexport

svnpath="/usr/bin/svn"

username="anonymous" password="anonymous" repositoryurl="http://your.repo.address/test/mytestfile.php" todir="/tmp/My personal test export/mytestfile.php"

/> </target>

will fail because of spaces contained in the target directory name (todir) :

BUILD FAILED exception 'BuildException' with message [...] Failed to run the 'svn export' command: svn: Erreur lors de l'analyse des arguments' in /usr/share/pear/phing/tasks/ext/svn/SvnBaseTask.php:318 Stack trace: #0 /usr/share/pear/phing/tasks/ext/svn/SvnExportTask.php(62): SvnBaseTask->run(Array, Array) #1 /usr/share/pear/phing/Task.php(253): SvnExportTask->main() #2 /usr/share/pear/phing/Target.php(240): Task->perform() #3 /usr/share/pear/phing/Target.php(263): Target->main() #4 /usr/share/pear/phing/Project.php(733): Target->performTasks() #5 /usr/share/pear/phing/Project.php(706): Project->executeTarget('test-export') #6 /usr/share/pear/phing/Phing.php(553): Project->executeTargets(Array) #7 /usr/share/pear/phing/Phing.php(170): Phing->runBuild() #8 /usr/share/pear/phing/Phing.php(270): Phing::start(Array, NULL) #9 /usr/share/pear/phing.php(37): Phing::fire(Array) #10 {main}

Indeed arguments given to the generated svn command in SvnBaseTask are not properly escaped and, as escapeshellcmd is disabled, the command will then fail as it will consider each part as arguments. As a resolution, the following patch in SvnBase Task may take care of this :

--- /usr/share/pear/phing/tasks/ext/svn/SvnBaseTask.php 2010-08-02 12:13:11.646320948 +0200 +++ SvnBaseTask.php 2010-08-02 12:13:00.375071101 +0200 @@ -299,7 +299,7 @@

$tempArgs = $this->svnArgs;

  • $tempArgs = array_merge($tempArgs, $args);

+ $tempArgs = array_merge($tempArgs, array_map('escapeshellarg', $args));

$tempSwitches = $this->svnSwitches;

By applying 'escapeshellarg' function on submitted parameters too, and all the command arguments will then be escaped as expected.

Attachments (0)

Change History (2)

comment:1 Changed 4 years ago by Alexandre Nion <alexandre.nion@…>

Sorry seems that I had a problem with formatting, consider using preformated text instead :

<target name="test-export">
<svnexport
 svnpath="/usr/bin/svn"
   username="anonymous"
   password="anonymous"
   repositoryurl="http://your.repo.address/test/mytestfile.php"
   todir="/tmp/My personal test export/mytestfile.php"
/>
</target>
BUILD FAILED
exception 'BuildException' with message [...] Failed to run the 'svn export' command: svn: Erreur lors de l'analyse des arguments' in /usr/share/pear/phing/tasks/ext/svn/SvnBaseTask.php:318
Stack trace:
#0 /usr/share/pear/phing/tasks/ext/svn/SvnExportTask.php(62): SvnBaseTask->run(Array, Array)
#1 /usr/share/pear/phing/Task.php(253): SvnExportTask->main()
#2 /usr/share/pear/phing/Target.php(240): Task->perform()
#3 /usr/share/pear/phing/Target.php(263): Target->main()
#4 /usr/share/pear/phing/Project.php(733): Target->performTasks()
#5 /usr/share/pear/phing/Project.php(706): Project->executeTarget('test-export')
#6 /usr/share/pear/phing/Phing.php(553): Project->executeTargets(Array)
#7 /usr/share/pear/phing/Phing.php(170): Phing->runBuild()
#8 /usr/share/pear/phing/Phing.php(270): Phing::start(Array, NULL)
#9 /usr/share/pear/phing.php(37): Phing::fire(Array)
#10 {main}
--- /usr/share/pear/phing/tasks/ext/svn/SvnBaseTask.php 2010-08-02 12:13:11.646320948 +0200
+++ SvnBaseTask.php     2010-08-02 12:13:00.375071101 +0200
@@ -299,7 +299,7 @@

         $tempArgs = $this->svnArgs;

-        $tempArgs = array_merge($tempArgs, $args);
+        $tempArgs = array_merge($tempArgs, array_map('escapeshellarg', $args));

         $tempSwitches = $this->svnSwitches;

comment:2 Changed 4 years ago by mrook

  • Resolution set to wontfix
  • Status changed from new to closed

The call to escapeshellarg() will be implemented in a new version of VersionControl_SVN (see http://svn.php.net/viewvc?view=revision&revision=302158)

Add Comment

Modify Ticket

Action
as closed The owner will remain mrook.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.