summaryrefslogtreecommitdiff
path: root/git-submodule.sh
diff options
context:
space:
mode:
Diffstat (limited to 'git-submodule.sh')
-rwxr-xr-xgit-submodule.sh13
1 files changed, 11 insertions, 2 deletions
diff --git a/git-submodule.sh b/git-submodule.sh
index 9245abfd42..82e35582cd 100755
--- a/git-submodule.sh
+++ b/git-submodule.sh
@@ -22,6 +22,15 @@ require_work_tree
wt_prefix=$(git rev-parse --show-prefix)
cd_to_toplevel
+# Restrict ourselves to a vanilla subset of protocols; the URLs
+# we get are under control of a remote repository, and we do not
+# want them kicking off arbitrary git-remote-* programs.
+#
+# If the user has already specified a set of allowed protocols,
+# we assume they know what they're doing and use that instead.
+: ${GIT_ALLOW_PROTOCOL=file:git:http:https:ssh}
+export GIT_ALLOW_PROTOCOL
+
command=
branch=
force=
@@ -423,7 +432,7 @@ cmd_add()
sed -e '
s|//*|/|g
s|^\(\./\)*||
- s|/\./|/|g
+ s|/\(\./\)*|/|g
:start
s|\([^/]*\)/\.\./||
tstart
@@ -904,7 +913,7 @@ Maybe you want to use 'update --init'?")"
;;
!*)
command="${update_module#!}"
- die_msg="$(eval_gettext "Execution of '\$command \$sha1' failed in submodule path '\$prefix\$sm_path'")"
+ die_msg="$(eval_gettext "Execution of '\$command \$sha1' failed in submodule path '\$prefix\$sm_path'")"
say_msg="$(eval_gettext "Submodule path '\$prefix\$sm_path': '\$command \$sha1'")"
must_die_on_failure=yes
;;