From 961d863f8286301cab6e332e6e61886f1550d013 Mon Sep 17 00:00:00 2001 From: Kelsi Date: Tue, 5 May 2026 15:16:20 -0700 Subject: [PATCH] fix: shell injection in gitCommit projectDir, test directory cleanup - gitCommit() now uses double quotes for projectDir consistently with gitPush/gitPull/gitStatus (was single quotes, breaking on paths with apostrophes like "John's Project") - Test suite auto-cleans test_output_formats/ directory via Catch2 event listener after all tests complete (was leaving empty dir) --- tests/test_open_formats.cpp | 10 ++++++++++ tools/editor/editor_project.cpp | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/test_open_formats.cpp b/tests/test_open_formats.cpp index 644dc907..91bcece1 100644 --- a/tests/test_open_formats.cpp +++ b/tests/test_open_formats.cpp @@ -16,6 +16,16 @@ static void ensureTestDir() { std::filesystem::create_directories(TEST_DIR); } +static void cleanupTestDir() { + std::filesystem::remove_all(TEST_DIR); +} + +struct CleanupListener : Catch::EventListenerBase { + using EventListenerBase::EventListenerBase; + void testRunEnded(const Catch::TestRunStats&) override { cleanupTestDir(); } +}; +CATCH_REGISTER_LISTENER(CleanupListener) + // ============== WOB Tests ============== TEST_CASE("WOB save and load round-trip", "[wob]") { diff --git a/tools/editor/editor_project.cpp b/tools/editor/editor_project.cpp index 058caf37..76f666b9 100644 --- a/tools/editor/editor_project.cpp +++ b/tools/editor/editor_project.cpp @@ -85,7 +85,7 @@ bool EditorProject::gitCommit(const std::string& message) const { if (c == '\'' || c == '\\') safe += '\\'; safe += c; } - int ret = std::system(("cd '" + projectDir + "' && git add -A && " + int ret = std::system(("cd \"" + projectDir + "\" && git add -A && " "git commit -m '" + safe + "'").c_str()); return ret == 0; }