From ff4881d7faed2178fbc53b793e55ab734a1658d0 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Fri, 27 May 2016 14:06:40 +0200
Subject: [PATCH] Security fixes

---
 Utils/Git/Repository.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Utils/Git/Repository.php b/Utils/Git/Repository.php
index 79062dd78..1b1426e1a 100644
--- a/Utils/Git/Repository.php
+++ b/Utils/Git/Repository.php
@@ -616,8 +616,7 @@ class Repository
 */
 public function getCommit(string $commit) : Commit
 {
- $commit = escapeshellarg($commit);
- $lines = $this->run('show --name-only ' . $commit);
+ $lines = $this->run('show --name-only ' . escapeshellarg($commit));
 $count = count($lines);

 if (empty($lines)) {
@@ -726,7 +725,7 @@ class Repository
 public function getAdditionsRemovalsByContributor(Author $author, \DateTime $start = null, \DateTime $end = null) : array
 {
 $addremove = ['added' => 0, 'removed' => 0];
- $lines = $this->run('log --author="' . $author->getName() . '" --since="' . $start->format('Y-m-d') . '" --before="' . $end->format('Y-m-d') . '" --pretty=tformat: --numstat');
+ $lines = $this->run('log --author=' . escapeshellarg($author->getName()) . ' --since="' . $start->format('Y-m-d') . '" --before="' . $end->format('Y-m-d') . '" --pretty=tformat: --numstat');

 foreach ($lines as $line) {
 $nums = explode(' ', $line);
@@ -776,7 +775,7 @@ class Repository
 if (!isset($author)) {
 $author = '';
 } else {
- $author = ' --author="' . $author->getName() . '"';
+ $author = ' --author=' . escapeshellarg($author->getName()) . '';
 }

 $lines = $this->run('git log --before="' . $end->format('Y-m-d') . '" --after="' . $start->format('Y-m-d') . '"' . $author . ' --reverse --date=short');
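Review bot: In getCommit(), `escapeshellarg($commit)` neutralises shell metacharacters but not option parsing, so a `$commit` value that begins with `-` still reaches `git show` as an option instead of a revision. Nothing visible in the hunk restricts `$commit` to a hash or ref name, so I would validate it before the `run()` call, e.g. `if (preg_match('/^[0-9a-fA-F]{4,40}$/', $commit) !== 1) { throw new \InvalidArgumentException('Invalid commit id'); }`, widening the pattern only if callers legitimately pass ref names. The rest of getCommit() lies outside the hunk, but any check placed there would run after the command has already executed.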
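Review bot: getAdditionsRemovalsByContributor() declares `$start` and `$end` with a `null` default, yet the `run()` line calls `$start->format('Y-m-d')` and `$end->format('Y-m-d')` with no check between the signature and that call, so omitting either argument ends in a fatal error. Either drop the defaults or build each date option only when the value is set, e.g. `$since = $start === null ? '' : ' --since=' . escapeshellarg($start->format('Y-m-d'));`. Separately, git treats the `--author` value as a pattern, so the now-escaped name can still match other contributors whose names contain it; a comment such as `// --author is a pattern match, not an exact name` would make that limit visible to whoever consumes these statistics. The function body continues past the end of the hunk.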
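Review bot: The last line of the third hunk passes `'git log --before=…'` to `run()`, while the other two call sites in this patch pass `'show …'` and `'log …'` without the `git` prefix; if `run()` prepends the binary itself (not visible here), this call ends up as `git git log` and fails. I would start that string with `'log --before="'` so all three callers agree. The new `$author` assignment also ends in a leftover `. ''` from the removed closing quote and can be shortened to `$author = ' --author=' . escapeshellarg($author->getName());`. The enclosing function begins and ends outside the hunk.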