[122042] trunk/base/src/macports1.0

cal at macports.org cal at macports.org
Sun Jul 13 05:55:29 PDT 2014 

Revision: 122042
          https://trac.macports.org/changeset/122042
Author:   cal at macports.org
Date:     2014-07-13 05:55:29 -0700 (Sun, 13 Jul 2014)
Log Message:
-----------
base: macports1.0: provide shell escaping function, use shell escaping for the selfupdate arguments in an attempt to fix #43875

Modified Paths:
--------------
    trunk/base/src/macports1.0/macports.tcl
    trunk/base/src/macports1.0/tests/macports.test

Modified: trunk/base/src/macports1.0/macports.tcl
===================================================================
--- trunk/base/src/macports1.0/macports.tcl	2014-07-13 11:44:19 UTC (rev 122041)
+++ trunk/base/src/macports1.0/macports.tcl	2014-07-13 12:55:29 UTC (rev 122042)
@@ -3539,7 +3539,7 @@
             }
             ui_debug "Permissions OK"
 
-            set configure_args "--prefix=$prefix --with-install-user=$owner --with-install-group=$group --with-directory-mode=$perms"
+            set configure_args "--prefix=[macports::shellescape $prefix] --with-install-user=[macports::shellescape $owner] --with-install-group=[macports::shellescape $group] --with-directory-mode=[macports::shellescape $perms]"
             # too many users have an incompatible readline in /usr/local, see ticket #10651
             if {$tcl_platform(os) ne {Darwin} || $prefix eq {/usr/local}
                 || ([glob -nocomplain /usr/local/lib/lib{readline,history}*] eq {} && [glob -nocomplain /usr/local/include/readline/*.h] eq {})} {
@@ -5002,3 +5002,25 @@
     }
     return $archive_sites_conf_values
 }
+
+##
+# Escape a string for use in a POSIX shell, e.g., when passing it to the \c system Pextlib extension. This is necessary
+# to handle cases such as group names with backslashes correctly. See #43875 for an example of a problem caused by
+# missing quotes.
+#
+# @param arg The argument that should be escaped for use in a POSIX shell
+# @return A quoted version of the argument
+proc macports::shellescape {arg} {
+    set mapping {}
+    # Replace each backslash by a double backslash. Apparently Bash treats Backslashes in single-quoted strings
+    # differently depending on whether is was invoked as sh or bash: echo 'using \backslashes' preserves the backslash
+    # in bash mode, but interprets it in sh mode. Since the `system' command uses sh, escape backslashes.
+    lappend mapping "\\" "\\\\"
+    # Replace each single quote with a single quote (closing the currently open string), an escaped single quote \'
+    # (additional backslash needed to escape the backslash in Tcl), and another single quote (opening a new quoted
+    # string).
+    lappend mapping "'" "'\\''"
+
+    # Add a single quote at the start, escape all single quotes in the argument, and add a single quote at the end
+    return "'[string map $mapping $arg]'"
+}

Modified: trunk/base/src/macports1.0/tests/macports.test
===================================================================
--- trunk/base/src/macports1.0/tests/macports.test	2014-07-13 11:44:19 UTC (rev 122041)
+++ trunk/base/src/macports1.0/tests/macports.test	2014-07-13 12:55:29 UTC (rev 122042)
@@ -915,4 +915,39 @@
 } -result "Get archive sites conf values successful."
 
 
+set shellescapeTests [list \
+    "using \\backslashes" \
+    " spaces " \
+    "and	tabs" \
+    "quotes need to be \"supported\", too" \
+    "… and not only 'double-quotes'" \
+    "other meta chars such as \$dollar," \
+    "!bang, ;semicolon, :colon," \
+    "\$(subshells) and similar must be kept" \
+    ">redirects <& must be ignored as well as ampersands &"]
+test shellescaping {
+    Check whether shell escaping using macports::shellescape works correctly when passed to Pextlib's system extension.
+} -setup {
+    set outputfile "shellescapetestoutput.txt"
+    makeFile "" $outputfile
+
+} -body {
+    set first "yes"
+    foreach test $shellescapeTests {
+        if {$first eq "yes"} {
+            system "echo [macports::shellescape $test]  >$outputfile"
+            set first "no"
+        } else {
+            system "echo [macports::shellescape $test] >>$outputfile"
+        }
+    }
+
+    set fd [open $outputfile r]
+    set output [read -nonewline $fd]
+    close $fd
+    return $output
+} -cleanup {
+    removeFile $outputfile
+} -result [join $shellescapeTests "\n"]
+
 cleanupTests
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20140713/4ad59ff1/attachment.html>

More information about the macports-changes mailing list