| field | value | date |
|---|---|---|
| author | Craig Jennings <c@cjennings.net> | 2026-05-23 19:21:31 -0500 |
| committer | Craig Jennings <c@cjennings.net> | 2026-05-23 19:21:31 -0500 |
| commit | e6ca18b442de807a910c6281bf655a1b213dbf0e (patch) | |
| tree | 07bac3a14d681f6b32636a253ecf729553370e72 /docs/python-treesit-predicate-mismatch.txt | |
| parent | a4c3e2e09a2063901cc76e2134ccd63e1e6a19f7 (diff) | |
| download | dotemacs-e6ca18b442de807a910c6281bf655a1b213dbf0e.tar.gz dotemacs-e6ca18b442de807a910c6281bf655a1b213dbf0e.zip | |
fix(dwim-shell): quote and validate user-controlled shell inputs
Several dwim-shell commands interpolated user-controlled strings straight into shell templates, so a value with spaces, quotes, or shell metacharacters could break out of the command. The worst was git-clone-clipboard-url, which dropped raw clipboard contents into "git clone <<cb>>".
I added three pure validators (git URL, ffmpeg timestamp, rename prefix) and fixed the interpolation sites. git-clone now validates the clipboard and passes the URL through shell-quote-argument instead of <<cb>>. The GPG recipient and the 7z archive name go through shell-quote-argument instead of hand-written single quotes. The thumbnail timestamp and the rename prefix are validated to a safe shape before they reach the command, so the unquoted interpolation that remains is constrained to digits, colons, and filename-safe characters.
The fifth case in the ticket, the video-concat filelist built with echo/tr/sed, is a redesign rather than a quoting fix and is filed as a follow-up.
Diffstat (limited to 'docs/python-treesit-predicate-mismatch.txt')
0 files changed, 0 insertions, 0 deletions
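The validate-then-quote pattern the commit message describes, as an added example in Emacs Lisp; this is not the dotemacs or dwim-shell code, and the `my/` validators and command builders are hypothetical stand-ins for the ones the commit added. It assumes the three input shapes named in the message (git URL, ffmpeg timestamp, filename-safe rename prefix) and shows that a validated value is still passed through `shell-quote-argument` wherever quoting is possible.

```elisp
;; Added example (not the dotemacs/dwim-shell code): validate user-controlled
;; strings to a safe shape, then quote them before they reach a shell template.
(require 'ert)

(defun my/valid-git-url-p (url)
  "Return non-nil if URL has the shape of a git clone URL.
Accepts scheme URLs (https, ssh, git) and scp-like user@host:path; anything
else, including whitespace or shell metacharacters, is rejected."
  (and (stringp url)
       (or (string-match-p
            "\\`\\(https?\\|ssh\\|git\\)://[A-Za-z0-9._~:/@%+-]+\\'" url)
           (string-match-p
            "\\`[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[A-Za-z0-9._/~-]+\\'" url))))

(defun my/valid-ffmpeg-timestamp-p (ts)
  "Return non-nil if TS is [[HH:]MM:]SS with an optional .fraction."
  (and (stringp ts)
       (string-match-p "\\`\\([0-9]+:\\)\\{0,2\\}[0-9]+\\(\\.[0-9]+\\)?\\'" ts)))

(defun my/valid-rename-prefix-p (prefix)
  "Return non-nil if PREFIX uses only filename-safe characters."
  (and (stringp prefix)
       (string-match-p "\\`[A-Za-z0-9._-]+\\'" prefix)))

(defun my/git-clone-command (url)
  "Build the clone command for URL; validated, then quoted rather than trusted."
  (unless (my/valid-git-url-p url)
    (user-error "Not a git clone URL: %S" url))
  (format "git clone %s" (shell-quote-argument url)))

(defun my/thumbnail-command (file timestamp)
  "Build an ffmpeg thumbnail command.
TIMESTAMP stays unquoted in the template, so it is constrained to digits,
colons and a dot first; FILE and the output name are quoted."
  (unless (my/valid-ffmpeg-timestamp-p timestamp)
    (user-error "Not an ffmpeg timestamp: %S" timestamp))
  (format "ffmpeg -ss %s -i %s -frames:v 1 %s"
          timestamp
          (shell-quote-argument file)
          (shell-quote-argument (concat (file-name-sans-extension file) ".jpg"))))

;; Constructed checks: well-formed values pass, values with whitespace or
;; shell metacharacters are rejected before any template is built.
(ert-deftest my/validate-then-quote ()
  (should (string-prefix-p "git clone "
                           (my/git-clone-command "https://example.com/org/repo.git")))
  (should-error (my/git-clone-command "https://example.com/a b.git") :type 'user-error)
  (should (my/valid-ffmpeg-timestamp-p "00:01:30.5"))
  (should-not (my/valid-ffmpeg-timestamp-p "00:01 30"))
  (should (my/valid-rename-prefix-p "thumb_01"))
  (should-not (my/valid-rename-prefix-p "thumb 01")))
```

Run the checks with `M-x ert RET my/validate-then-quote RET` after evaluating the buffer.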
