
Remove backticks from author names passed to gnuplot.

Without this, author names containing `touch /tmp/vulnerable` would cause said
file to appear after generating statistics for the given repository.

This is not an optimal solution. Instead of blacklisting characters we should
either whitelist some, or find a safe escape mechanism for gnuplot.
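The commit message leaves the "safe escape mechanism" open. The following is an added example, not gitstats' own code, of what that mechanism can look like. It relies on two documented gnuplot quoting rules: inside a double-quoted gnuplot string, backslash escapes are processed and backquotes invoke shell substitution, whereas a single-quoted gnuplot string is taken literally except that two consecutive single quotes stand for one. The sample author names and the column numbering in `build_plot_command` are constructed for the example; `title_double_quoted_unsafe` mirrors the pre-fix escaping from the diff for comparison.

```python
# Added example (not part of gitstats): turning an untrusted author name into
# a gnuplot "title" string without a character blacklist.
from typing import List


def title_double_quoted_unsafe(author: str) -> str:
    """Mirror of the escaping the patch starts from: only '"' is escaped.

    Two problems remain in a double-quoted gnuplot string: a backtick is
    shell-expanded by gnuplot, and a name ending in a backslash produces
    `"name\"`, where gnuplot reads `\"` as an escaped quote, so the string
    runs on past its intended end.
    """
    return '"%s"' % author.replace('"', '\\"')


def title_single_quoted(author: str) -> str:
    """Safer form: a single-quoted gnuplot string literal.

    In single quotes gnuplot treats the text literally; the only special
    sequence is a single quote, written as two single quotes.  Backticks,
    backslashes and double quotes are inert.  Line breaks are replaced
    because a newline would still end the gnuplot command.
    """
    cleaned = author.replace("\r", " ").replace("\n", " ")
    return "'%s'" % cleaned.replace("'", "''")


def plot_clause(datafile: str, column: int, author: str) -> str:
    """One element of gnuplot's comma-separated 'plot' list."""
    return "'%s' using 1:%d title %s w lines" % (
        datafile, column, title_single_quoted(author))


def build_plot_command(datafile: str, authors: List[str]) -> str:
    """Whole 'plot' line for a list of authors.

    Column numbering is an assumption of this example: column 1 is taken
    to be the x axis, so the first author is plotted from column 2.
    """
    clauses = [plot_clause(datafile, i + 2, a) for i, a in enumerate(authors)]
    return "plot " + ", ".join(clauses)


# Constructed sample input, modelled on the payload in the commit message.
SAMPLE_AUTHORS = [
    "Alice Example",
    "Bob `touch /tmp/vulnerable`",
    "O'Brien",
    'Quote "Q" Man',
    "trailing\\",
]

if __name__ == "__main__":
    for name in SAMPLE_AUTHORS:
        print("%-35r unsafe=%r safe=%r" % (
            name, title_double_quoted_unsafe(name), title_single_quoted(name)))
    print(build_plot_command("commits_by_author.dat", SAMPLE_AUTHORS))
```

The backtick payload still appears verbatim in the safe output; the point is that inside single quotes gnuplot no longer interprets it, so no character has to be deleted from the name shown in the legend.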
Heikki Hokkanen 12 years ago
parent
commit
5ba386aede
1 changed file with 4 additions and 2 deletions
gitstats

@@ -1314,7 +1314,8 @@ plot """
1314 1314
 		plots = []
1315 1315
 		for a in self.authors_to_plot:
1316 1316
 			i = i + 1
1317
-			plots.append("""'lines_of_code_by_author.dat' using 1:%d title "%s" w lines""" % (i, a.replace("\"", "\\\"")))
1317
+			author = a.replace("\"", "\\\"").replace("`", "")
1318
+			plots.append("""'lines_of_code_by_author.dat' using 1:%d title "%s" w lines""" % (i, author))
1318 1319
 		f.write(", ".join(plots))
1319 1320
 		f.write('\n')
1320 1321
 
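Review bot: the new `.replace("`", "")` on line 1317 is still a blacklist, as the message itself admits, and the existing `\"` escaping on the same line leaves the backslash unescaped: an author name ending in `\` yields `title "name\"`, where gnuplot reads `\"` as an escaped quote rather than the closing one, so the string runs on into the rest of the plot command. Since gnuplot applies backslash processing and backquote shell substitution only inside double-quoted strings, a safer mechanism than deleting characters is to emit the title as a single-quoted gnuplot string, where the only special character is `'` (written as `''`): `author = a.replace("'", "''")` with `title '%s'` in the format string. If the double-quoted form is kept, escape `\` before `"` so that the quote escaping cannot be undone.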
@@ -1341,7 +1342,8 @@ plot """
1341 1342
 		plots = []
1342 1343
 		for a in self.authors_to_plot:
1343 1344
 			i = i + 1
1344
-			plots.append("""'commits_by_author.dat' using 1:%d title "%s" w lines""" % (i, a.replace("\"", "\\\"")))
1345
+			author = a.replace("\"", "\\\"").replace("`", "")
1346
+			plots.append("""'commits_by_author.dat' using 1:%d title "%s" w lines""" % (i, author))
1345 1347
 		f.write(", ".join(plots))
1346 1348
 		f.write('\n')
1347 1349
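Review bot: the escaping chain on line 1345 is a verbatim copy of the one in the lines_of_code_by_author hunk above, and the message states this fix is provisional; factor it into one helper (for example a `gnuplot_title(s)` method on the class) called from both plot loops, so that the eventual whitelist or proper escape mechanism lands in one place instead of having to be found and updated next to every `title "%s"` format string.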