[Fix] nvm_download: ensure all args are quoted

Fixes #3411.
Jordan Harband 2024-08-20 22:33:38 -07:00
parent 863bd63cfa
commit 0ce8f5a52f
No known key found for this signature in database
GPG Key ID: 9F6A681E35EF8B56
3 changed files with 10 additions and 2 deletions

7
nvm.sh

@ -128,7 +128,12 @@ nvm_download() {
if nvm_curl_use_compression; then if nvm_curl_use_compression; then
CURL_COMPRESSED_FLAG="--compressed" CURL_COMPRESSED_FLAG="--compressed"
fi fi
eval "curl -q --fail ${CURL_COMPRESSED_FLAG:-} ${CURL_HEADER_FLAG:-} $*" local NVM_DOWNLOAD_ARGS
NVM_DOWNLOAD_ARGS=''
for arg in "$@"; do
NVM_DOWNLOAD_ARGS="${NVM_DOWNLOAD_ARGS} \"$arg\""
done
eval "curl -q --fail ${CURL_COMPRESSED_FLAG:-} ${CURL_HEADER_FLAG:-} ${NVM_DOWNLOAD_ARGS}"
elif nvm_has "wget"; then elif nvm_has "wget"; then
# Emulate curl with wget # Emulate curl with wget
ARGS=$(nvm_echo "$@" | command sed -e 's/--progress-bar /--progress=bar /' \ ARGS=$(nvm_echo "$@" | command sed -e 's/--progress-bar /--progress=bar /' \
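Review bot: Wrapping each argument as `\"$arg\"` before the `eval` stops `;` and word splitting, but inside double quotes the shell still expands `$(...)`, backticks and `$VAR`, and an embedded `"` ends the quoting, so an argument containing any of those is still interpreted by `eval` instead of reaching curl verbatim. Single-quoting each argument and escaping embedded single quotes closes that gap: `NVM_DOWNLOAD_ARGS="${NVM_DOWNLOAD_ARGS} '$(nvm_echo "${arg}" | command sed -e "s/'/'\\\\''/g")'"`. The loop variable should also be declared with `local arg`, as is already done for `NVM_DOWNLOAD_ARGS`, so it does not leak into the calling shell. The body of nvm_download starts and ends outside this hunk, so how `CURL_HEADER_FLAG` is built (and whether the `eval` could be dropped entirely) is not visible here.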


@ -25,4 +25,7 @@ NVM_AUTH_HEADER="Bearer test-token" nvm_download "http://127.0.0.1/bearer" > /de
nvm_download "http://127.0.0.1/bearer" > /dev/null && die 'nvm_download with no auth header should not send the header and should fail' nvm_download "http://127.0.0.1/bearer" > /dev/null && die 'nvm_download with no auth header should not send the header and should fail'
docker stop httpbin && docker rm httpbin docker stop httpbin && docker rm httpbin
# ensure quoted extra args remain quoted
nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/install.sh" -o "; die quoted-command-not-quoted" || die 'command failed'
cleanup cleanup
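Review bot: The added case only covers a `;` inside an argument, so it would still pass if a value containing a double quote or a command substitution were evaluated by the `eval` in nvm_download. A sibling case with a single-quoted value, for example `nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/install.sh" -o '$(die command-substitution-not-quoted)' || die 'command failed'`, would pin that behaviour. The `-o` value also leaves a file with that literal name in the working directory; `cleanup` is defined outside this hunk, so confirm it removes the file, or send the output to a temporary path.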

2
test/install_script/nvm_download Normal file → Executable file

@ -12,7 +12,7 @@ nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/install.sh" >/de
# nvm_download should fail to download wrong_install.sh # nvm_download should fail to download wrong_install.sh
if nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/wrong_install.sh" &>/dev/null; then if nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/wrong_install.sh" &>/dev/null; then
die "nvm_download should fail to download no existing file" die "nvm_download should fail to download nonexistent file"
fi fi
cleanup cleanup