diff options
author | Richard Hansen <rhansen@bbn.com> | 2014-04-21 19:53:09 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2014-04-22 12:37:53 -0700 |
commit | 8976500cbbb13270398d3b3e07a17b8cc7bff43f (patch) | |
tree | b7dc68f4d791a2b9210e8fe0b43abf80117d43b9 /t/t4013/diff.format-patch_--attach_--stdout_initial..master^ | |
parent | Git 1.8.5.5 (diff) | |
download | tgif-8976500cbbb13270398d3b3e07a17b8cc7bff43f.tar.xz |
git-prompt.sh: don't put unsanitized branch names in $PS1
Both bash and zsh subject the value of PS1 to parameter expansion,
command substitution, and arithmetic expansion. Rather than include
the raw, unescaped branch name in PS1 when running in two- or
three-argument mode, construct PS1 to reference a variable that holds
the branch name. Because the shells do not recursively expand, this
avoids arbitrary code execution by specially-crafted branch names such
as '$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)'.
Signed-off-by: Richard Hansen <rhansen@bbn.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t4013/diff.format-patch_--attach_--stdout_initial..master^')
0 files changed, 0 insertions, 0 deletions