summaryrefslogtreecommitdiff
path: root/connect.c
AgeCommit message (Collapse)AuthorFilesLines
2005-07-08[PATCH] Use sq_quote() to properly quote the parameter to call shell.Libravatar Junio C Hamano1-30/+3
This tries to be more lenient to the users and stricter to the attackers by quoting the input properly for shell safety, instead of forbidding certain characters from the input. Things to note: - We do not quote "prog" parameter (which comes from --exec). The user should know what he is doing. --exec='echo foo' will supply the first two parameters to the resulting command, while --exec="'echo foo'" will give the first parameter, a single string with a space inside. - We do not care too much about leaking the sq_quote() output just before running exec(). Signed-off-by: Junio C Hamano <junkio@cox.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-07Mark more characters shell-safe.Libravatar Linus Torvalds1-1/+3
I still worry about just quoting things when passing it off to "ssh" or "sh -c", so I'm being anal. But _, ^ and , are certainly ok and while both ~ and @ can have speacial meaning to shell/ssh they are benign.
2005-07-05Move "get_ack()" to common git_connect functionsLibravatar Linus Torvalds1-0/+19
git-clone-pack will want it too. Soon.
2005-07-04Move ref path matching to connect.c libraryLibravatar Linus Torvalds1-0/+21
It's a generic thing for matching refs from the other side.
2005-07-04Factor out the ssh connection stuff from send-pack.cLibravatar Linus Torvalds1-0/+86
I want to use it for git-fetch-pack too.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 06:44:03 +0000