Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitfb43244

Browse files
committed
Merge branch 'master' ofhttps://github.com/Plazmaz/GitPython into Plazmaz-master
2 parentsf6cf7a7 +67291f0 commitfb43244

File tree

2 files changed

+22
-7
lines changed

2 files changed

+22
-7
lines changed

‎git/repo/base.py

Lines changed: 17 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
importos
1010
importre
1111
importsys
12+
importwarnings
1213

1314
fromgit.cmdimport (
1415
Git,
@@ -86,7 +87,7 @@ class Repo(object):
8687
# Subclasses may easily bring in their own custom types by placing a constructor or type here
8788
GitCommandWrapperType=Git
8889

89-
def__init__(self,path=None,odbt=DefaultDBType,search_parent_directories=False):
90+
def__init__(self,path=None,odbt=DefaultDBType,search_parent_directories=False,expand_vars=True):
9091
"""Create a new Repo instance
9192
9293
:param path:
@@ -112,12 +113,18 @@ def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=Fals
112113
:raise InvalidGitRepositoryError:
113114
:raise NoSuchPathError:
114115
:return: git.Repo """
116+
115117
epath=pathoros.getenv('GIT_DIR')
116118
ifnotepath:
117119
epath=os.getcwd()
118120
ifGit.is_cygwin():
119121
epath=decygpath(epath)
120-
epath=expand_path(epathorpathoros.getcwd())
122+
123+
epath=epathorpathoros.getcwd()
124+
ifexpand_varsand ("%"inepathor"$"inepath):
125+
warnings.warn("The use of environment variables in paths is deprecated"+
126+
"\nfor security reasons and may be removed in the future!!")
127+
epath=expand_path(epath,expand_vars)
121128
ifnotos.path.exists(epath):
122129
raiseNoSuchPathError(epath)
123130

@@ -144,7 +151,7 @@ def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=Fals
144151
sm_gitpath=find_worktree_git_dir(dotgit)
145152

146153
ifsm_gitpathisnotNone:
147-
self.git_dir=expand_path(sm_gitpath)
154+
self.git_dir=expand_path(sm_gitpath,expand_vars)
148155
self._working_tree_dir=curpath
149156
break
150157

@@ -840,7 +847,7 @@ def blame(self, rev, file, incremental=False, **kwargs):
840847
returnblames
841848

842849
@classmethod
843-
definit(cls,path=None,mkdir=True,odbt=DefaultDBType,**kwargs):
850+
definit(cls,path=None,mkdir=True,odbt=DefaultDBType,expand_vars=True,**kwargs):
844851
"""Initialize a git repository at the given path if specified
845852
846853
:param path:
@@ -858,12 +865,17 @@ def init(cls, path=None, mkdir=True, odbt=DefaultDBType, **kwargs):
858865
the directory containing the database objects, i.e. .git/objects.
859866
It will be used to access all object data
860867
868+
:param expand_vars:
869+
if specified, environment variables will not be escaped. This
870+
can lead to information disclosure, allowing attackers to
871+
access the contents of environment variables
872+
861873
:parm kwargs:
862874
keyword arguments serving as additional options to the git-init command
863875
864876
:return: ``git.Repo`` (the newly created repo)"""
865877
ifpath:
866-
path=expand_path(path)
878+
path=expand_path(path,expand_vars)
867879
ifmkdirandpathandnotosp.exists(path):
868880
os.makedirs(path,0o755)
869881

‎git/util.py

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -341,9 +341,12 @@ def finalize_process(proc, **kwargs):
341341
proc.wait(**kwargs)
342342

343343

344-
defexpand_path(p):
344+
defexpand_path(p,expand_vars=True):
345345
try:
346-
returnosp.normpath(osp.abspath(osp.expandvars(osp.expanduser(p))))
346+
p=osp.expanduser(p)
347+
ifexpand_vars:
348+
p=osp.expandvars(p)
349+
returnosp.normpath(osp.abspath(p))
347350
except:
348351
returnNone
349352

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp