From 762b4a288f88442ee8704b8c2073e74da68fd797 Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Sat, 29 Nov 2025 18:28:52 +0100
Subject: [PATCH] fix: Correct whitespace separation on editor shell call Switch to using 'sequence'-delineated arguments given to the subprocess run call to correctly handle whitespace. Also check the output, so we exit if we have an error. Test accordingly.
---
 test/test_cli.py | 11 +++++++++++
 topen.py | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 test/test_cli.py
diff --git a/test/test_cli.py b/test/test_cli.py
new file mode 100644
index 0000000..fe70abb
--- /dev/null
+++ b/test/test_cli.py
@@ -0,0 +1,11 @@
+from pathlib import Path
+from unittest.mock import Mock, patch
+
+from topen import add_annotation, open_editor
+
+
+def test_open_editor_escapes_shell():
+ """Ensure filenames with spaces/metas do not allow shell injection."""
+ with patch("subprocess.run") as run_mock:
+ open_editor(Path("my note$1.txt"), "vim")
+ run_mock.assert_called_once_with(["vim", "my note$1.txt"], check=True)
diff --git a/topen.py b/topen.py
index 05c3f16..03f559a 100755
--- a/topen.py
+++ b/topen.py
@@ -97,7 +97,7 @@ def get_notes_file(uuid: str, notes_dir: Path, notes_ext: str) -> Path:
 
 def open_editor(file: Path, editor: str) -> None:
 """Opens a file with the chosen editor."""
- _ = subprocess.run(f"{editor} {file}", shell=True)
+ _ = subprocess.run([editor, str(file)], check=True)
 
 
 def is_annotation_missing(task: Task, annotation_content: str) -> bool:
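Review bot: The new test in test/test_cli.py pins only the argv shape, so the `check=True` half of the change (an editor that exits non-zero) has no coverage. A second test that sets `run_mock.side_effect = subprocess.CalledProcessError(1, ["vim"])` and asserts how `open_editor` surfaces it would close that gap. `Mock` and `add_annotation` are imported but never used in this file and can be dropped. The name `test_open_editor_escapes_shell` is also slightly misleading, since nothing is escaped: the argument list bypasses the shell entirely, so `test_open_editor_does_not_use_shell` would describe the guarantee better.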
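Review bot: In `open_editor` (topen.py), passing `editor` as a single argv element means an editor setting that carries its own arguments (constructed example: `code --wait`) is now looked up as one executable name and fails with `FileNotFoundError`, where the old shell string accepted it. If such values are meant to be supported, split the setting without going back to a shell: `_ = subprocess.run([*shlex.split(editor), str(file)], check=True)`, plus `import shlex` at the top of the file. Separately, `check=True` raises `subprocess.CalledProcessError` on a non-zero exit, and the callers are outside this hunk, so confirm that one of them turns it into the clean exit the commit message describes rather than a traceback. A notes path that begins with `-` would still be read by the editor as an option; presumably `notes_dir` makes the path absolute, but that is worth confirming where the path is built.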