From 3dcb94204fcb8d78cf606f71a9b0ce943b38abe8 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Sat, 1 Apr 2023 15:07:15 +0200
Subject: [PATCH] archive: fix command injection

---
 gitsrht/blueprints/repo.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gitsrht/blueprints/repo.py b/gitsrht/blueprints/repo.py
index 78402f4..7f40a24 100644
--- a/gitsrht/blueprints/repo.py
+++ b/gitsrht/blueprints/repo.py
@@ -427,6 +427,7 @@ def archive(owner, repo, ref):
 "archive",
 "--format=tar.gz",
 "--prefix", f"{repo.name}-{refname}/",
+ "--",
 ref
 ]
 subp = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=sys.stderr)
-- 
2.38.4
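Review bot: The added `"--",` before `ref` is the only thing that keeps a request-supplied ref beginning with `-` from being parsed as a `git archive` option, and nothing in the list says so. A comment such as `# "--" ends option parsing: ref comes from the URL and must never be read as an option` would stop a later refactor from dropping or reordering it. Since `ref` is a parameter of `archive(owner, repo, ref)`, it would also be worth rejecting a value that starts with `-` or does not resolve in the repository with a 404 before any process is spawned, unless the code above the hunk already does this. The `--prefix` value interpolates `refname`, whose derivation is outside the hunk, so confirm it cannot carry `..` or a leading `/` into the archive member paths. The `args` list and the body of `archive` start and end outside this hunk.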