[JIRA] Created: (HUDSON-7053) Quotes in Gerrit parameters not escaped

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Created: (HUDSON-7053) Quotes in Gerrit parameters not escaped

Hudson issues mailing list
Quotes in Gerrit parameters not escaped
---------------------------------------

                 Key: HUDSON-7053
                 URL: http://issues.hudson-ci.org/browse/HUDSON-7053
             Project: Hudson
          Issue Type: Bug
          Components: gerrit-trigger
            Reporter: abayer
            Assignee: rsandell


If there are quotes in the Gerrit change subject, they get passed on when the Ant builder (or, I think, Maven builder) are invoked, but the escaping comes out badly - we should probably escape the quotes in any string, if possible.

{noformat}
ant -file sauce-parallel-runner.xml '-DGERRIT_CHANGE_SUBJECT=Some small changes to "real time" digg count updates:' -DGERRIT_REFSPEC=refs/changes/63/2263/4 -DGERRIT_BRANCH=master -DGERRIT_PATCHSET_NUMBER=4 -DGERRIT_CHANGE_URL=http://review.digg.internal:8080/2263 -DGERRIT_CHANGE_ID=Ie4d4ec03a3576898edc8445a59517ac47a5960b9 -DGERRIT_PATCHSET_REVISION=802b31a9f5da030306746f24bd5906fec6d5d613 -DGERRIT_CHANGE_NUMBER=2263 -DGERRIT_PROJECT=bobcat -Dvhost.subdomain=$NODE_NAME "-Dreplace.twist.tags=!digg, !unstable, !in-progress, smoke" -Dvhost.domain=digg.internal -Dgit.branch=master -Dgit.repo=qa/bobtwist sauce
{noformat}

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.hudson-ci.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[JIRA] Commented: (HUDSON-7053) Quotes in Gerrit parameters not escaped

Hudson issues mailing list

    [ http://issues.hudson-ci.org/browse/HUDSON-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=140411#action_140411 ]

rsandell commented on HUDSON-7053:
----------------------------------

Can we really escape it all the time?
I agree that it needs to be done when for example passed as a parameter to a script of some sort, but there might be scenarios when you don't want it escaped.
Perhaps if you just want to echo it to the build log or if some other plugin is using the parameters it might be "tricky" to un-escape it.

I'm not against it, just trying to see if there is a scenario when the escaped string can cause trouble.

> Quotes in Gerrit parameters not escaped
> ---------------------------------------
>
>                 Key: HUDSON-7053
>                 URL: http://issues.hudson-ci.org/browse/HUDSON-7053
>             Project: Hudson
>          Issue Type: Bug
>          Components: gerrit-trigger
>            Reporter: abayer
>            Assignee: rsandell
>
> If there are quotes in the Gerrit change subject, they get passed on when the Ant builder (or, I think, Maven builder) are invoked, but the escaping comes out badly - we should probably escape the quotes in any string, if possible.
> {noformat}
> ant -file sauce-parallel-runner.xml '-DGERRIT_CHANGE_SUBJECT=Some small changes to "real time" digg count updates:' -DGERRIT_REFSPEC=refs/changes/63/2263/4 -DGERRIT_BRANCH=master -DGERRIT_PATCHSET_NUMBER=4 -DGERRIT_CHANGE_URL=http://review.digg.internal:8080/2263 -DGERRIT_CHANGE_ID=Ie4d4ec03a3576898edc8445a59517ac47a5960b9 -DGERRIT_PATCHSET_REVISION=802b31a9f5da030306746f24bd5906fec6d5d613 -DGERRIT_CHANGE_NUMBER=2263 -DGERRIT_PROJECT=bobcat -Dvhost.subdomain=$NODE_NAME "-Dreplace.twist.tags=!digg, !unstable, !in-progress, smoke" -Dvhost.domain=digg.internal -Dgit.branch=master -Dgit.repo=qa/bobtwist sauce
> {noformat}

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.hudson-ci.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[JIRA] Commented: (HUDSON-7053) Quotes in Gerrit parameters not escaped

Hudson issues mailing list
In reply to this post by Hudson issues mailing list

    [ http://issues.hudson-ci.org/browse/HUDSON-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=143393#action_143393 ]

rsandell commented on HUDSON-7053:
----------------------------------

So I'm thinking that the parameters should be escaped by default, at least the subject.
And then an "advanced option" on the trigger config to disable it doing so.

But my time is very limited at the moment, so I don't know when I will have the time to implement it.

> Quotes in Gerrit parameters not escaped
> ---------------------------------------
>
>                 Key: HUDSON-7053
>                 URL: http://issues.hudson-ci.org/browse/HUDSON-7053
>             Project: Hudson
>          Issue Type: Bug
>          Components: gerrit-trigger
>            Reporter: abayer
>            Assignee: rsandell
>
> If there are quotes in the Gerrit change subject, they get passed on when the Ant builder (or, I think, Maven builder) are invoked, but the escaping comes out badly - we should probably escape the quotes in any string, if possible.
> {noformat}
> ant -file sauce-parallel-runner.xml '-DGERRIT_CHANGE_SUBJECT=Some small changes to "real time" digg count updates:' -DGERRIT_REFSPEC=refs/changes/63/2263/4 -DGERRIT_BRANCH=master -DGERRIT_PATCHSET_NUMBER=4 -DGERRIT_CHANGE_URL=http://review.digg.internal:8080/2263 -DGERRIT_CHANGE_ID=Ie4d4ec03a3576898edc8445a59517ac47a5960b9 -DGERRIT_PATCHSET_REVISION=802b31a9f5da030306746f24bd5906fec6d5d613 -DGERRIT_CHANGE_NUMBER=2263 -DGERRIT_PROJECT=bobcat -Dvhost.subdomain=$NODE_NAME "-Dreplace.twist.tags=!digg, !unstable, !in-progress, smoke" -Dvhost.domain=digg.internal -Dgit.branch=master -Dgit.repo=qa/bobtwist sauce
> {noformat}

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.hudson-ci.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]