~edwargix/git.sr.ht: archive: fix command injection

3dcb94204fcb8d78cf606f71a9b0ce943b38abe8 — Drew DeVault 1 year, 8 months ago b063dbd master

archive: fix command injection

patch browse .tar.gz

1 files changed, 1 insertions(+), 0 deletions(-)

M gitsrht/blueprints/repo.py

M gitsrht/blueprints/repo.py => gitsrht/blueprints/repo.py +1 -0

@@ 427,6 427,7 @@ def archive(owner, repo, ref):
             "archive",
             "--format=tar.gz",
             "--prefix", f"{repo.name}-{refname}/",
+            "--",
             ref
         ]
         subp = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=sys.stderr)