tighten up ref/file names (warning: possible backward compat breakage)
The backward compat breakage is for people who already have all kinds of
arbitrary characters in filenames *and* use `NAME/` rules. See the doc
change in this commit for details and mitigation. See this link for
background:
8dc5242052
Thanks to Dan Carpenter for the audit.
This commit is contained in:
Sitaram Chamarty
parent
871ed281cc
commit
a07e0d6b5c
5 changed files with 124 additions and 1 deletions
|
|
@ -260,6 +260,21 @@ on feedback from my users to find or fix issues.
|
|||
gitolite that unauthenticated HTTP users are actually authenticated as
|
||||
this user.
|
||||
|
||||
* `$GL_REF_OR_FILENAME_PATT`, string
|
||||
|
||||
Set of allowed characters in refnames (and, if you have `NAME/` rules, in
|
||||
filenames as well). The default pattern is almost the same as
|
||||
`$REPONAME_PATT` with some additions.
|
||||
|
||||
Although the current code is not at risk in any way even if we let in
|
||||
names containing strings like `$(command)`, and although I intend to make
|
||||
sure things stay that way, it's probably a good idea to trap weird
|
||||
filenames early. Just to be safe.
|
||||
|
||||
You ought to be able to loosen the pattern by adding other characters to
|
||||
it, if you really need to. If you do, at least avoid backquotes and the
|
||||
dollar sign!
|
||||
|
||||
<a name="_less_used_changed_variables"></a>
|
||||
|
||||
### less used/changed variables
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue