From ecfc40629f1e9e266b190f54da264f31b153cdb3 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 19 Oct 2007 17:59:59 +0000
Subject: [PATCH] Quote subversion username and password in svn commands.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@852 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/scm/adapters/abstract_adapter.rb  |  8 ++++++++
 .../scm/adapters/subversion_adapter.rb        | 19 ++++++++++++++-----
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/lib/redmine/scm/adapters/abstract_adapter.rb b/lib/redmine/scm/adapters/abstract_adapter.rb
index 04f1d5308..4b524c538 100644
--- a/lib/redmine/scm/adapters/abstract_adapter.rb
+++ b/lib/redmine/scm/adapters/abstract_adapter.rb
@@ -81,6 +81,14 @@ module Redmine
           path ||= ''
           (path[0,1]!="/") ? "/#{path}" : path
         end
+        
+        def shell_quote(str)
+          if RUBY_PLATFORM =~ /mswin/
+            '"' + str.gsub(/"/, '\\"') + '"'
+          else
+            "'" + str.gsub(/'/, "'\"'\"'") + "'"
+          end
+        end
               
       private
         def retrieve_root_url
diff --git a/lib/redmine/scm/adapters/subversion_adapter.rb b/lib/redmine/scm/adapters/subversion_adapter.rb
index c9a73ddda..9e8acce4c 100644
--- a/lib/redmine/scm/adapters/subversion_adapter.rb
+++ b/lib/redmine/scm/adapters/subversion_adapter.rb
@@ -29,7 +29,7 @@ module Redmine
         # Get info about the svn repository
         def info
           cmd = "#{SVN_BIN} info --xml #{target('')}"
-          cmd << " --username #{@login} --password #{@password}" if @login
+          cmd << credentials_string
           info = nil
           shellout(cmd) do |io|
             begin
@@ -65,7 +65,7 @@ module Redmine
           identifier = 'HEAD' unless identifier and identifier > 0
           entries = Entries.new
           cmd = "#{SVN_BIN} list --xml #{target(path)}@#{identifier}"
-          cmd << " --username #{@login} --password #{@password}" if @login
+          cmd << credentials_string
           cmd << " 2>&1"
           shellout(cmd) do |io|
             output = io.read
@@ -101,7 +101,7 @@ module Redmine
           identifier_to = 1 unless identifier_to and identifier_to.to_i > 0
           revisions = Revisions.new
           cmd = "#{SVN_BIN} log --xml -r #{identifier_from}:#{identifier_to}"
-          cmd << " --username #{@login} --password #{@password}" if @login
+          cmd << credentials_string
           cmd << " --verbose " if  options[:with_paths]
           cmd << target(path)
           shellout(cmd) do |io|
@@ -145,7 +145,7 @@ module Redmine
           cmd << "#{identifier_to}:"
           cmd << "#{identifier_from}"
           cmd << "#{target(path)}@#{identifier_from}"
-          cmd << " --username #{@login} --password #{@password}" if @login
+          cmd << credentials_string
           diff = []
           shellout(cmd) do |io|
             io.each_line do |line|
@@ -161,7 +161,7 @@ module Redmine
         def cat(path, identifier=nil)
           identifier = (identifier and identifier.to_i > 0) ? identifier.to_i : "HEAD"
           cmd = "#{SVN_BIN} cat #{target(path)}@#{identifier}"
-          cmd << " --username #{@login} --password #{@password}" if @login
+          cmd << credentials_string
           cat = nil
           shellout(cmd) do |io|
             io.binmode
@@ -172,6 +172,15 @@ module Redmine
         rescue Errno::ENOENT => e
           raise CommandFailed    
         end
+        
+        private
+        
+        def credentials_string
+          str = ''
+          str << " --username #{shell_quote(@login)}" unless @login.blank?
+          str << " --password #{shell_quote(@password)}" unless @login.blank? || @password.blank?
+          str
+        end
       end
     end
   end
-- 
GitLab