Merge pull request #400 from intersystems/webui-character-escape

POST requests to /git now accept all types of characters in the request body
intersystems · Jul 8, 2024 · 8442648 · 8442648
2 parents 45e006f + 4c62bad
commit 8442648
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - WebUI works properly for users with %Developer without needing to add further SQL privileges (#365)
 - Fixed `<UNDEFINED>` error running Import All (#380)
 - Discarding changes now recompiles - critical for productions and some other cases (#387)
+- Special characters in WebUI git commands now result in the command being executed properly (#369)
 
 ## [2.3.1] - 2024-04-30
 

diff --git a/cls/SourceControl/Git/PullEventHandler.cls b/cls/SourceControl/Git/PullEventHandler.cls
@@ -45,3 +45,4 @@ ClassMethod ForInternalNames(InternalName As %String) As %Status
 }
 
 }
+
diff --git a/cls/SourceControl/Git/Util/ProductionConflictResolver.cls b/cls/SourceControl/Git/Util/ProductionConflictResolver.cls
@@ -154,3 +154,4 @@ ClassMethod ResolveStream(stream As %Stream.Object)
 }
 
 }
+
diff --git a/cls/SourceControl/Git/Utils.cls b/cls/SourceControl/Git/Utils.cls
@@ -2536,3 +2536,4 @@ ClassMethod BaselineExport(pCommitMessage = "", pPushToRemote = "") As %Status
 }
 
 }
+
diff --git a/cls/SourceControl/Git/WebUIDriver.cls b/cls/SourceControl/Git/WebUIDriver.cls
@@ -89,25 +89,16 @@ ClassMethod HandleRequest(pagePath As %String, InternalName As %String = "", Out
             SimpleHTTPRequestHandler.do_POST(self)
             */
             if (pathStart = "git") {
-                set reference = "%request.Data"
-                for {
-                    set reference = $query(@reference)
-                    quit:reference=""
-                    if $qsubscript(reference,3)="O" {
-                        set args(@reference)=$qsubscript(reference,1)
-                        if $data(%request.Data($qsubscript(reference,1),$qsubscript(reference,2)),argValue)#2 && (argValue '= "") {
-                            set args(@reference)=args(@reference)_"="_argValue
-                        }
-                    }
-                }
+                merge data = %request.Data 
+                set args = data("command",1)
 
                 // Problem: args(1) might contain $c(10) followed by our stdin value
-                if $data(args(1))#2 {
-                    set stdin = $piece(args(1),$char(10),2,*)
-                    set args(1) = $piece(args(1),$char(10))
+                if $data(args)#2 {
+                    set stdin = $piece(args,$char(10),2,*)
+                    set args = $piece(args,$char(10))
                 }
                 set readOnlyCommands = $listbuild("branch","tag","log","ls-files","ls-tree","show","status","diff")
-                set baseCommand = $Piece(args(1)," ")
+                set baseCommand = $Piece(args," ")
 
                 if $listfind(readOnlyCommands,baseCommand) {
                     do %session.Unlock()
@@ -117,7 +108,7 @@ ClassMethod HandleRequest(pagePath As %String, InternalName As %String = "", Out
 
                 // TODO: Don't be lazy! Implement shlex.split in ObjectScript.
                 // The below is just a little bit cheesy.
-                set argList = $listfromstring(args(1)," ")
+                set argList = $listfromstring(args," ")
                 set pointer = 0
                 set inQuotedString = 0
                 while $listnext(argList,pointer,arg) {

diff --git a/git-webui/release/share/git-webui/webui/js/git-webui.js b/git-webui/release/share/git-webui/webui/js/git-webui.js
@@ -119,7 +119,7 @@ webui.git = function(cmd, arg1, arg2, arg3, arg4) {
         var warningCallback = arg4;
     } 
 
-    $.post("git", cmd, function(data, status, xhr) {
+    $.post("git", {command: cmd}, function(data, status, xhr) {
         if (xhr.status == 200) {
             // Convention : last lines are footer meta data like headers. An empty line marks the start if the footers
             var footers = {};

diff --git a/git-webui/src/share/git-webui/webui/js/git-webui.js b/git-webui/src/share/git-webui/webui/js/git-webui.js
@@ -119,7 +119,7 @@ webui.git = function(cmd, arg1, arg2, arg3, arg4) {
         var warningCallback = arg4;
     } 
 
-    $.post("git", cmd, function(data, status, xhr) {
+    $.post("git", {command: cmd}, function(data, status, xhr) {
         if (xhr.status == 200) {
             // Convention : last lines are footer meta data like headers. An empty line marks the start if the footers
             var footers = {};
Original file line number	Diff line number	Diff line change
Expand Up		@@ -45,3 +45,4 @@ ClassMethod ForInternalNames(InternalName As %String) As %Status
		}

		}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -154,3 +154,4 @@ ClassMethod ResolveStream(stream As %Stream.Object)
		}

		}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2536,3 +2536,4 @@ ClassMethod BaselineExport(pCommitMessage = "", pPushToRemote = "") As %Status
		}

		}