author: Junio C Hamano <junkio@cox.net> 2005-07-08 00:02:52 -0700
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-07-08 11:01:10 -0700
commit: b10d0ec7321a6bd6cc1a62f44fee305a0d184dca
tree: 35c8f091000fc8ff32e60d6a530d8d650c874c66 /usage.c
parent: [PATCH] Make sq_expand() available as sq_quote().
[PATCH] Use sq_quote() to properly quote the parameter to call shell.
This tries to be more lenient to the users and stricter to the attackers by quoting the input properly for shell safety, instead of forbidding certain characters from the input.

Things to note:

 - We do not quote "prog" parameter (which comes from --exec). The user should know what he is doing. --exec='echo foo' will supply the first two parameters to the resulting command, while --exec="'echo foo'" will give the first parameter, a single string with a space inside.

 - We do not care too much about leaking the sq_quote() output just before running exec().

Signed-off-by: Junio C Hamano <junkio@cox.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'usage.c')
0 files changed, 0 insertions, 0 deletions
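
The quote-instead-of-forbid approach from the commit message, as an added C example that is not this commit's code or git's sq_quote(). `shell_single_quote()` and `build_command()` are hypothetical names, and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not git's sq_quote(): single-quote src so a POSIX shell
 * reads it as one word. Only ' is special inside single quotes, so each '
 * becomes '\''. Returns a malloc'd string (caller frees) or NULL. */
char *shell_single_quote(const char *src)
{
	size_t len = 3; /* opening quote, closing quote, NUL */
	const char *p;
	char *buf, *out;
	for (p = src; *p; p++)
		len += (*p == '\'') ? 4 : 1;
	buf = out = malloc(len);
	if (!buf)
		return NULL;
	*out++ = '\'';
	for (p = src; *p; p++) {
		if (*p == '\'') {
			memcpy(out, "'\\'", 3); /* close quote, escaped quote */
			out += 3;
		}
		*out++ = *p; /* for ', this copy reopens the quoted span */
	}
	*out++ = '\'';
	*out = '\0';
	return buf;
}

/* Build "prog 'arg'". prog is copied verbatim, as the commit message says of
 * --exec; only the untrusted argument is quoted. Caller frees the result. */
char *build_command(const char *prog, const char *arg)
{
	char *q = shell_single_quote(arg), *cmd = NULL;
	size_t n = strlen(prog) + (q ? strlen(q) : 0) + 2; /* space + NUL */
	if (q && (cmd = malloc(n)) != NULL)
		snprintf(cmd, n, "%s %s", prog, q);
	free(q);
	return cmd;
}

int main(void)
{
	char *cmd = build_command("echo foo", "it's; $HOME"); /* constructed input */
	puts(cmd ? cmd : "(allocation failed)");
	free(cmd);
	return 0;
}
```

Because `prog` is not quoted, `echo foo` still splits into two words in the shell, while the quoted argument arrives as a single word with its `;`, `$` and `'` taken literally.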