From c2a9baf3c045fb6ff4cb0e2eab35bbdeb2f8e35b Mon Sep 17 00:00:00 2001
From: "reed%reedloden.com"
Date: Thu, 12 Apr 2007 01:19:41 +0000
Subject: [PATCH] Bug 369188 - "bonsai shell_escape problem" [p=reed r=bear]
git-svn-id: svn://10.0.0.236/trunk@224427 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/webtools/bonsai/globals.pl | 5 ++---
 mozilla/webtools/bonsai/multidiff.cgi | 4 ++--
 mozilla/webtools/tinderbox/tbglobals.pl | 5 ++---
 3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/mozilla/webtools/bonsai/globals.pl b/mozilla/webtools/bonsai/globals.pl
index c800c0ae6a8..c4afea838bc 100644
--- a/mozilla/webtools/bonsai/globals.pl
+++ b/mozilla/webtools/bonsai/globals.pl
@@ -1396,11 +1396,10 @@ sub Fix_BonsaiLink {
 return $bonsai_path;
 }
 
-# Quotify a string, suitable for invoking a shell process
+# Only allow characters suitable for invoking a shell process
 sub shell_escape {
 my ($file) = @_;
- $file =~ s/\000/_NULL_/g;
- $file =~ s/([ \"\'\`\~\^\?\$\&\|\!<>\(\)\[\]\;\:])/\\$1/g;
+ $file =~ tr/[^A-Za-z0-9\-\_\+\=\.\,]//;
 return $file;
 }
 
diff --git a/mozilla/webtools/bonsai/multidiff.cgi b/mozilla/webtools/bonsai/multidiff.cgi
index 9caf84595bb..645550a46cb 100755
--- a/mozilla/webtools/bonsai/multidiff.cgi
+++ b/mozilla/webtools/bonsai/multidiff.cgi
@@ -83,11 +83,11 @@ for my $k (@revs) {
 my $prevrev = &PrevRev($rev);
 my $fullname = "$cvsroot/$dir/$file,v";
 $fullname = "$cvsroot/$dir/Attic/$file,v" if (! -r $fullname);
- if (! -r $fullname || IsHidden($fullname)) {
+ if (! -e $fullname || ! -r $fullname || IsHidden($fullname)) {
 next;
 }
 &ChrootFilename($cvsroot, $fullname);
- open( DIFF, "$rcsdiffcommand -r$prevrev -r$rev -u " . shell_escape($fullname) ." 2>&1|" ) || die "rcsdiff failed\n";
+ open(DIFF, "-|", "$rcsdiffcommand -r$prevrev -r$rev -u " . shell_escape($fullname) . " 2>&1") || die "rcsdiff failed\n";
 while(){
 if (($_ =~ /RCS file/) || ($_ =~ /rcsdiff/)) {
 $_ =~ s/(^.*)(.*\/)(.*)/$1 $3/;
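Review bot: The added `tr/[^A-Za-z0-9\-\_\+\=\.\,]//` in shell_escape (bonsai/globals.pl) filters nothing: `tr` takes a literal character list rather than a regex class, so `[`, `^` and `]` are just more listed characters, and with an empty replacement list and no `/d` flag the operator only counts matches and leaves `$file` unchanged. Because the two old backslash-escaping substitutions are removed in the same hunk, the function now returns its argument untouched; the identical line is added to shell_escape in tinderbox/tbglobals.pl. To actually drop everything outside the allowed set the line needs complement and delete, e.g. `$file =~ tr{A-Za-z0-9_+=.,/-}{}cd;`, and `/` has to be in the set because multidiff.cgi passes a full `$cvsroot/$dir/$file,v` path through this function. A comment such as `# Deletes disallowed characters; the returned name may differ from the input` would make the changed contract visible to callers.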
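Review bot: The three-argument `open(DIFF, "-|", ...)` in multidiff.cgi still hands one concatenated string to the shell (it has to, because of the trailing `2>&1`), so the command line is protected only by whatever filtering each interpolated value received, and `$prevrev` and `$rev` receive none in this hunk. Where those two values originate is outside the hunk; if they can be influenced by the request, they should be checked before use, for example `next unless $rev =~ /\A[0-9.]+\z/ && $prevrev =~ /\A[0-9.]+\z/;`, assuming revisions are purely numeric here. The list form `open(DIFF, "-|", $rcsdiffcommand, "-r$prevrev", "-r$rev", "-u", $fullname)` would bypass the shell altogether, provided `$rcsdiffcommand` is a bare program path and stderr is redirected separately. The enclosing `for` loop starts and ends outside the hunk.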
diff --git a/mozilla/webtools/tinderbox/tbglobals.pl b/mozilla/webtools/tinderbox/tbglobals.pl
index 26966ce0be6..15d8501801b 100755
--- a/mozilla/webtools/tinderbox/tbglobals.pl
+++ b/mozilla/webtools/tinderbox/tbglobals.pl
@@ -414,11 +414,10 @@ sub value_encode {
 return $s;
 }
 
-# Quotify a string, suitable for invoking a shell process
+# Only allow characters suitable for invoking a shell process
 sub shell_escape {
 my ($file) = @_;
- $file =~ s/\000/_NULL_/g;
- $file =~ s/([ \"\'\`\~\^\?\$\&\|\!<>\(\)\[\]\;\:])/\\$1/g;
+ $file =~ tr/[^A-Za-z0-9\-\_\+\=\.\,]//;
 return $file;
 }
 