From 0e4f521c72c5d2a03bd314250eb423c53a738f3c Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Sat, 15 Sep 2012 14:37:57 +0800 Subject: [PATCH 1/3] Issue #1471178 by sun: Increases security by escaping shell arguments. --- git_deploy.module | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/git_deploy.module b/git_deploy.module index e35ff7c..f73ad03 100644 --- a/git_deploy.module +++ b/git_deploy.module @@ -29,7 +29,7 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { $git_dir = "$directory/.git"; // Theoretically /.git could exist. if ($directory && file_exists($git_dir)) { - $git = "git --git-dir $git_dir"; + $git = "git --git-dir " . escapeshellarg($git_dir); // Find first the project name based on fetch URL. // Eat error messages. >& is valid on Windows, too. Also, $output does // not need initialization because it's taken by reference. @@ -58,7 +58,7 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { // Now try to find a tag. exec("$git rev-list --topo-order --max-count=1 HEAD 2>&1", $last_tag_hash); if ($last_tag_hash) { - exec("$git describe --tags $last_tag_hash[0] 2>&1", $last_tag); + exec("$git describe --tags " . escapeshellarg($last_tag_hash[0]) . " 2>&1", $last_tag); if ($last_tag) { $last_tag = $last_tag[0]; // Make sure the tag starts as Drupal formatted (for eg. @@ -77,7 +77,7 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { // The git log -1 command always succeeds and if we are not on a // tag this will happen to return the time of the last commit which // is exactly what we wanted. - exec("$git log -1 --pretty=format:%at $last_tag 2>&1", $datestamp); + exec("$git log -1 --pretty=format:%at " . escapeshellarg($last_tag) . " 2>&1", $datestamp); if ($datestamp && is_numeric($datestamp[0])) { $info['datestamp'] = $datestamp[0]; } -- 1.7.9.5 From 2a2962a13d51eb3f4c3e33e548cd02f4bf3f89c2 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Sat, 15 Sep 2012 15:34:19 +0800 Subject: [PATCH 2/3] Issue #1511112: git_deploy slows down module install/enable massively. --- git_deploy.module | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/git_deploy.module b/git_deploy.module index f73ad03..eca83de 100644 --- a/git_deploy.module +++ b/git_deploy.module @@ -29,6 +29,13 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { $git_dir = "$directory/.git"; // Theoretically /.git could exist. if ($directory && file_exists($git_dir)) { + // Get cached values and return ASAP. + if ($cache = cache_get('git_deploy:' . $directory . ':' . filemtime($git_dir))) { + $info['datestamp'] = $cache->data['datestamp']; + $info['project'] = $cache->data['project']; + $info['version'] = $cache->data['version']; + return; + } $git = "git --git-dir " . escapeshellarg($git_dir); // Find first the project name based on fetch URL. // Eat error messages. >& is valid on Windows, too. Also, $output does @@ -81,6 +88,11 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { if ($datestamp && is_numeric($datestamp[0])) { $info['datestamp'] = $datestamp[0]; } + // Save values into cache. + foreach (array('datestamp', 'project', 'version') as $key) { + $cache[$key] = isset($info[$key]) ? $info[$key] : NULL; + } + cache_set('git_deploy:' . $directory . ':' . filemtime($git_dir), $cache); } } } -- 1.7.9.5 From 662bbf33a4b6c86147381487e95effa29f6a3cad Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Sat, 15 Sep 2012 19:49:01 +0800 Subject: [PATCH 3/3] Issue #1511112 by fgm: git_deploy slows down module install/enable massively. --- git_deploy.module | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/git_deploy.module b/git_deploy.module index eca83de..f43e6f5 100644 --- a/git_deploy.module +++ b/git_deploy.module @@ -29,14 +29,16 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { $git_dir = "$directory/.git"; // Theoretically /.git could exist. if ($directory && file_exists($git_dir)) { + $git = "git --git-dir " . escapeshellarg($git_dir); // Get cached values and return ASAP. - if ($cache = cache_get('git_deploy:' . $directory . ':' . filemtime($git_dir))) { + exec("$git rev-parse --verify HEAD 2>&1", $head_hash); + $head_hash = $head_hash[0]; + if ($cache = cache_get("git_deploy:$directory:$head_hash")) { $info['datestamp'] = $cache->data['datestamp']; $info['project'] = $cache->data['project']; $info['version'] = $cache->data['version']; return; } - $git = "git --git-dir " . escapeshellarg($git_dir); // Find first the project name based on fetch URL. // Eat error messages. >& is valid on Windows, too. Also, $output does // not need initialization because it's taken by reference. @@ -92,7 +94,7 @@ function git_deploy_system_info_alter(&$info, $file, $type = NULL) { foreach (array('datestamp', 'project', 'version') as $key) { $cache[$key] = isset($info[$key]) ? $info[$key] : NULL; } - cache_set('git_deploy:' . $directory . ':' . filemtime($git_dir), $cache); + cache_set("git_deploy:$directory:$head_hash", $cache); } } } -- 1.7.9.5