From 0c5cd64b83ef79040b0d150cb6a71d405fe26f06 Mon Sep 17 00:00:00 2001 From: Paul Gauthier Date: Sat, 31 Aug 2024 15:36:41 -0700 Subject: [PATCH] refactor: use shlex.join for safer command string representation --- aider/utils.py | 3 ++- aider/versioncheck.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/aider/utils.py b/aider/utils.py index 48849f567..858c57649 100644 --- a/aider/utils.py +++ b/aider/utils.py @@ -1,5 +1,6 @@ import itertools import os +import shlex import subprocess import sys import tempfile @@ -314,7 +315,7 @@ def check_pip_install_extra(io, module, prompt, pip_install_cmd): if prompt: io.tool_error(prompt) - if not io.confirm_ask("Run pip install?", default="y", subject=" ".join(cmd)): + if not io.confirm_ask("Run pip install?", default="y", subject=shlex.join(cmd)): return success, output = run_install(cmd) diff --git a/aider/versioncheck.py b/aider/versioncheck.py index 883fd82f1..83221139a 100644 --- a/aider/versioncheck.py +++ b/aider/versioncheck.py @@ -1,4 +1,5 @@ import os +import shlex import sys import time from pathlib import Path @@ -96,7 +97,7 @@ Newer aider version v{latest_version} is available. To upgrade, run: text = f"Newer aider version v{latest_version} is available. To upgrade, run:" io.tool_error(text) - if io.confirm_ask("Run pip install?", subject=" ".join(cmd)): + if io.confirm_ask("Run pip install?", subject=shlex.join(cmd)): success, output = utils.run_install(cmd) if success: io.tool_output("Re-run aider to use new version.")