From 6e907f26475f16ad7d3e02aa64138e0fe35bb6b9 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Thu, 9 Aug 2018 18:26:55 +0100
Subject: Harden gitlab-shell against arguments following the gl_id parameter
 in the command line

---
 bin/gitlab-shell | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'bin/gitlab-shell')

diff --git a/bin/gitlab-shell b/bin/gitlab-shell
index ae751d7..93a79f6 100755
--- a/bin/gitlab-shell
+++ b/bin/gitlab-shell
@@ -19,7 +19,7 @@ require File.join(ROOT_PATH, 'lib', 'gitlab_shell')
 
 # We must match e.g. "key-12345" anywhere on the command-line. See
 # https://gitlab.com/gitlab-org/gitlab-shell/issues/145
-who = /\b(?:(?:key|user)-[0-9]+|username-\S+)\b/.match(ARGV.join).to_s;
+who = /\b(?:(?:key|user)-[0-9]+|username-\S+)\b/.match(ARGV.join(' ')).to_s
 
 if GitlabShell.new(who).exec(original_cmd)
   exit 0
-- 
cgit v1.2.1