Fix command injection · gitpython-developers/GitPython@fbf9c7e
@@ -964,7 +964,7 @@ def fetch(
964964args = [refspec]
965965966966proc = self.repo.git.fetch(
967-self, *args, as_process=True, with_stdout=False, universal_newlines=True, v=verbose, **kwargs
967+"--", self, *args, as_process=True, with_stdout=False, universal_newlines=True, v=verbose, **kwargs
968968 )
969969res = self._get_fetch_info_from_stderr(proc, progress, kill_after_timeout=kill_after_timeout)
970970if hasattr(self.repo.odb, "update_cache"):
@@ -991,7 +991,7 @@ def pull(
991991self._assert_refspec()
992992kwargs = add_progress(kwargs, self.repo.git, progress)
993993proc = self.repo.git.pull(
994-self, refspec, with_stdout=False, as_process=True, universal_newlines=True, v=True, **kwargs
994+"--", self, refspec, with_stdout=False, as_process=True, universal_newlines=True, v=True, **kwargs
995995 )
996996res = self._get_fetch_info_from_stderr(proc, progress, kill_after_timeout=kill_after_timeout)
997997if hasattr(self.repo.odb, "update_cache"):
@@ -1034,6 +1034,7 @@ def push(
10341034 be 0."""
10351035kwargs = add_progress(kwargs, self.repo.git, progress)
10361036proc = self.repo.git.push(
1037+"--",
10371038self,
10381039refspec,
10391040porcelain=True,