(fwd) [PATCH] Use eval() to shell-parse $EDITOR for pass-edit

[martin f. krafft]

Hello,

Wondering if there's anything I can do to further facilitate·
acceptance of this patch I sent 3 months ago?

Thank you,
martin

----- Forwarded message from "martin f. krafft" <madduck at madduck.net> -----

Date: Mon, 12 Aug 2019 17:21:23 +1200
From: "martin f. krafft" <madduck at madduck.net>
To: password-store at lists.zx2c4.com
Cc: "martin f. krafft" <madduck at madduck.net>
Subject: [PATCH] Use eval() to shell-parse $EDITOR for
	pass-edit
Message-Id: <20190812052123.21737-1-madduck at madduck.net>
X-Spam: no (crm114:16.49 SA:-102.1)
X-Justme: from machine in my domain

Enables shell-parsing of $EDITOR when executing its contents on
temporary files during `pass edit`.

Previously, trying to invoke e.g. vim with a set of commands, such as

```
vim -c 'set nostmp'
```

would result in `pass` calling

```
execve("/usr/bin/vim", ["vim", "-c", "'set", "nostmp'", "/dev/shm/pass.…"...], …
```

i.e. it would ignore quotes when splitting up the command line.

With this patch, the editor is properly called:

```
execve("/usr/bin/vim", ["vim", "-c", "set nostmp", "/dev/shm/pass.…"...], …
```

Signed-off-by: martin f. krafft <madduck at madduck.net>
---
  src/password-store.sh     |  2 +-
  tests/t0201-edit-tests.sh | 17 +++++++++++++++++
  2 files changed, 18 insertions(+), 1 deletion(-)
  create mode 100755 tests/t0201-edit-tests.sh

diff --git a/src/password-store.sh b/src/password-store.sh
index 1d119f2..46425f9 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -497,7 +497,7 @@ cmd_edit() {
  		$GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1
  		action="Edit"
  	fi
-	${EDITOR:-vi} "$tmp_file"
+	eval ${EDITOR:-vi} "$tmp_file"
  	[[ -f $tmp_file ]] || die "New password not saved."
  	$GPG -d -o - "${GPG_OPTS[@]}" "$passfile" 2>/dev/null | diff - "$tmp_file" &>/dev/null && die "Password unchanged."
  	while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
diff --git a/tests/t0201-edit-tests.sh b/tests/t0201-edit-tests.sh
new file mode 100755
index 0000000..8f32881
--- /dev/null
+++ b/tests/t0201-edit-tests.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+test_description='Test edit with spaces in $EDITOR'
+cd "$(dirname "$0")"
+. ./setup.sh
+
+test_expect_success 'Test shell-parsing of $EDITOR' '
+	"$PASS" init $KEY1 &&
+	"$PASS" generate cred1 90 &&
+	export PASSWORD_WITH_SPACE="Password with space" &&
+	export EDITOR="sed -i -e \"1s,^.*\$,$PASSWORD_WITH_SPACE,\"" &&
+	"$PASS" edit cred1 2> /tmp/cred1 &&
+	"$PASS" show cred1 > /tmp/cred1 &&
+	[[ $("$PASS" show cred1) == "$PASSWORD_WITH_SPACE" ]]
+'
+
+test_done

-- 
@martinkrafft | https://riot.im/app/#/room/#madduck:madduck.net
  
"when a gentoo admin tells me that the KISS principle is good for
  'busy sysadmins', and that it's not an evolutionary step backwards,
  i wonder whether their tape is already running backwards."
  
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191128/9ac48507/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1187 bytes
Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191128/9ac48507/attachment.asc>