[PATCH] Use sq_quote() to properly quote the parameter to call shell.

This tries to be more lenient to the users and stricter to the
attackers by quoting the input properly for shell safety,
instead of forbidding certain characters from the input.

Things to note:

 - We do not quote "prog" parameter (which comes from --exec).
   The user should know what he is doing.  --exec='echo foo'
   will supply the first two parameters to the resulting
   command, while --exec="'echo foo'" will give the first
   parameter, a single string with a space inside.

 - We do not care too much about leaking the sq_quote() output
   just before running exec().

Signed-off-by: Junio C Hamano <junkio@cox.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
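
The quoting approach this commit message describes, sketched as an added C example (not the code from this commit or from git's quote.c): the input is wrapped in single quotes instead of being checked against a list of forbidden characters. The name `sq_quote_example` and the sample strings are assumptions made for illustration, and POSIX shell single-quote rules are assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not git's sq_quote()): returns a malloc'd copy of
 * src wrapped in single quotes so a POSIX shell reads it as one word.
 * Inside '...' only ' itself is special, so each ' is emitted as '\''
 * (close the quote, add a backslash-escaped quote, reopen the quote). */
char *sq_quote_example(const char *src)
{
    size_t n = 3; /* opening quote, closing quote, NUL */
    const char *p;
    char *out, *q;

    for (p = src; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    out = malloc(n);
    if (!out)
        return NULL;
    q = out;
    *q++ = '\'';
    for (p = src; *p; p++) {
        if (*p == '\'') {
            memcpy(q, "'\\''", 4);
            q += 4;
        } else {
            *q++ = *p;
        }
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs: shell metacharacters, an embedded quote, empty. */
    const char *samples[] = { "dir; echo $HOME", "it's", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *quoted = sq_quote_example(samples[i]);
        if (!quoted)
            return 1;
        printf("%s -> %s\n", samples[i], quoted);
        free(quoted);
    }
    return 0;
}
```

The caller owns the returned buffer and must free() it; the quoted form is only safe when placed where the shell expects a single word.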
1 file changed
tree: 35c8f091000fc8ff32e60d6a530d8d650c874c66