[ 
http://jira.codehaus.org/browse/WAGON-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=198353#action_198353
 ] 

Tuure Laurinolli commented on WAGON-292:
----------------------------------------

Re-reading the code now that I'm less tired, I think this is actually a bug in 
Plexus Bourne shell interaction.


> wagon-ssh-external doesn't protect file names from shell variable expansion
> ---------------------------------------------------------------------------
>
>                 Key: WAGON-292
>                 URL: http://jira.codehaus.org/browse/WAGON-292
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-ssh-external
>    Affects Versions: 1.0-beta-2, 1.0-beta-3, 1.0-beta-4, 1.0-beta-5, 
> 1.0-beta-6
>         Environment: Originally produced with wagon-1.0-beta-2, but no 
> relevant code changes are apparent in wagon-1.0-beta-6
>            Reporter: Tuure Laurinolli
>
> When constructing SCP command line in ScpExternalWagon#executeScpCommand(...) 
> file names are not processed in any way. Since the command is executed via a 
> shell, the raw, correct file names are subject to shell variable expansion.
> This is problematic at least when wagon-ssh-external is used as deployment 
> target in Hudson, which apparently uses path names like groupId$artifactId in 
> the path to files that are to be deployed.
> Surrounding the file names with single quotes should be enough to prevent 
> expansion. Arguably this is something that should be done by the Plexus 
> utility when argument contents are set with Arg.setFile(...), but it doesn't 
> do that and Wagon doesn't use .setFile(...) anyway (and probably couldn't for 
> the remote file).
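
The expansion described in the report and the single-quote fix it proposes, as an added shell example that is not part of the original message and is not Wagon or Plexus code. The sample path and the helper names `sq_quote` and `arg_seen_by_shell` are hypothetical, `printf` stands in for scp, and the handling of embedded single quotes goes beyond what the report states.

```shell
#!/bin/sh
# Constructed sample path in the groupId$artifactId style the report describes.
SAMPLE_PATH='jobs/com.example$demo-artifact/target/demo-1.0.jar'

# Wrap a string in single quotes for a POSIX shell. An embedded single quote
# cannot appear inside single quotes, so it is emitted as '\''
# (close the quote, add an escaped quote, reopen the quote).
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Stand-in for "build a command string and hand it to a shell": the child
# shell parses the string and echoes back the argument it actually received.
# printf replaces scp here so nothing touches the network. The variable
# "demo" is unset in a subshell so the unquoted result is deterministic.
arg_seen_by_shell() {
    ( unset demo; sh -c "printf '%s' $1" )
}

# Unquoted: the child shell expands $demo (unset, so empty) inside the path.
naive=$(arg_seen_by_shell "$SAMPLE_PATH")

# Quoted: the child shell receives the path byte for byte.
safe=$(arg_seen_by_shell "$(sq_quote "$SAMPLE_PATH")")

printf 'original: %s\n' "$SAMPLE_PATH"
printf 'unquoted: %s\n' "$naive"
printf 'quoted:   %s\n' "$safe"
```

Passing the arguments as a vector to the process, with no intermediate shell, removes the need for quoting on the local side; the remote path is still parsed by the remote shell.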
