jacogr / atom-git-control

Not maintained :(
MIT License
227 stars 70 forks

commit messages not properly escaped for linux: `ping www.google.de -c 2` #135

Open colin-kiegel opened 8 years ago

colin-kiegel commented 8 years ago

`...` is often used for code fragments in markdown

If you use this style inside a commit message on linux, it will be interpreted by the shell. While this is to be expected by git running on the command line, it is a bit surprising for a GUI wrapper like atom-git-control. Entering commit message

`ping www.google.de -c 2`

results in this commit message

    PING www.google.de (173.194.112.247) 56(84) bytes of data.
    64 bytes from fra02s18-in-f23.1e100.net (173.194.112.247): icmp_seq=1 ttl=56 time=24.3 ms
    64 bytes from fra02s18-in-f23.1e100.net (173.194.112.247): icmp_seq=2 ttl=56 time=24.3 ms

    --- www.google.de ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 24.319/24.335/24.351/0.016 ms

The behaviour will probably differ for other OS. I think a GUI-wrapper should try to escape this or not execute git in the usual shell context.

AaronFriel commented 8 years ago

I just hit this issue here: https://github.com/commercialhaskell/stack/pull/2305/commits/675f834b2ea46963206d48cd84ec19efa833040a

NTICompass commented 7 years ago

I tried to make a commit message saying

    Save Stripe `acct_` keys in database

And, git-control, in the console showed: `/bin/sh: acct_: command not found`.

The commit then had a message of:

    Save Stripe  keys in database

colin-kiegel commented 7 years ago

So far all examples were harmless, but it is easy to imagine commit messages, where this bug would really eat your laundry!

Just consider `` sanitize input like `rm *` `` <-- don't try this or say goodbye to your repository! ;-)