diff options
| author |  Jeff King <peff@peff.net> | 2018-09-24 04:42:19 -0400 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2018-09-27 11:41:31 -0700 |
| commit | 1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404 (patch) | |
| tree | 21ce7a9d3b8950940434751b3acf0df0ae22c3cf /t/t4135/git-plain.diff | |
| parent | fsck: detect submodule urls starting with dash (diff) | |
| download | tgif-1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404.tar.xz | |
fsck: detect submodule paths starting with dash
As with urls, submodule paths with dashes are ignored by
git, but may end up confusing older versions. Detecting them
via fsck lets us prevent modern versions of git from being a
vector to spread broken .gitmodules to older versions.
Compared to blocking leading-dash urls, though, this
detection may be less of a good idea:
1. While such paths provide confusing and broken results,
they don't seem to actually work as option injections
against anything except "cd". In particular, the
submodule code seems to canonicalize to an absolute
path before running "git clone" (so it passes
/your/clone/-sub).
2. It's more likely that we may one day make such names
actually work correctly. Even after we revert this fsck
check, it will continue to be a hassle until hosting
servers are all updated.
On the other hand, it's not entirely clear that the behavior
in older versions is safe. And if we do want to eventually
allow this, we may end up doing so with a special syntax
anyway (e.g., writing "./-sub" in the .gitmodules file, and
teaching the submodule code to canonicalize it when
comparing).
So on balance, this is probably a good protection.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t4135/git-plain.diff')
0 files changed, 0 insertions, 0 deletions