From 281a73f0308afb85eea5b4d29422031c06132429 Mon Sep 17 00:00:00 2001
From: David McLean <gopsychonauts@gmail.com>
Date: Sun, 11 Aug 2013 14:29:18 +1000
Subject: Run Coms using runInteractiveProcess, not runInteractiveCommand

The API exposed by Com is command -> [arguments] -> alias -> timeout -> Com.
Since the command and arguments are separated like this, one would assume that
the command is run "safely": The arguments are already separated in the arg
list, so the command should be run without passing through a shell, which
ensures that stray shell metacharacters in the arguments don't mess up
anything.

However, previous versions simply joined the command with its arguments into
one string and then passed that string into a shell to run. This is
counter-intuitive given the seemingly "safe" API exposed by Com, so using
runInteractiveProcess instead is the correct implementation.

Note that users may still run commands that need shells by being explicit about
it, like this:

	Run Com "/bin/bash" ["-c", "command | nextCommand & parallelCommand"] 60
---
 src/Commands.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Commands.hs b/src/Commands.hs
index a4ab5ed..e4402fc 100644
--- a/src/Commands.hs
+++ b/src/Commands.hs
@@ -62,7 +62,7 @@ instance Exec Command where
     start (Com prog args _ r) cb = if r > 0 then go else exec
         where go = exec >> tenthSeconds r >> go
               exec = do
-                (i,o,e,p) <- runInteractiveCommand (unwords (prog:args))
+                (i,o,e,p) <- runInteractiveProcess prog args Nothing Nothing
                 exit <- waitForProcess p
                 let closeHandles = hClose o >> hClose i >> hClose e
                     getL = handle (\(SomeException _) -> return "")
-- 
cgit v1.2.3