<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/connect.c, branch v0.99</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v0.99</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v0.99'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2005-07-08T18:01:10Z</updated>
<entry>
<title>[PATCH] Use sq_quote() to properly quote the parameter to call shell.</title>
<updated>2005-07-08T18:01:10Z</updated>
<author>
<name>Junio C Hamano</name>
<email>junkio@cox.net</email>
</author>
<published>2005-07-08T07:02:52Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=b10d0ec7321a6bd6cc1a62f44fee305a0d184dca'/>
<id>urn:sha1:b10d0ec7321a6bd6cc1a62f44fee305a0d184dca</id>
<content type='text'>
This tries to be more lenient to the users and stricter to the
attackers by quoting the input properly for shell safety,
instead of forbidding certain characters from the input.

Things to note:

 - We do not quote "prog" parameter (which comes from --exec).
   The user should know what he is doing.  --exec='echo foo'
   will supply the first two parameters to the resulting
   command, while --exec="'echo foo'" will give the first
   parameter, a single string with a space inside.

 - We do not care too much about leaking the sq_quote() output
   just before running exec().

Signed-off-by: Junio C Hamano &lt;junkio@cox.net&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@osdl.org&gt;
</content>
</entry>
<entry>
<title>Mark more characters shell-safe.</title>
<updated>2005-07-08T00:59:23Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@g5.osdl.org</email>
</author>
<published>2005-07-08T00:59:23Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=924e1219548253a1eaf744c1ea61a8466ec98d63'/>
<id>urn:sha1:924e1219548253a1eaf744c1ea61a8466ec98d63</id>
<content type='text'>
I still worry about just quoting things when passing it off to "ssh" or
"sh -c", so I'm being anal.  But _, ^ and , are certainly ok and while
both ~ and @ can have speacial meaning to shell/ssh they are benign.
</content>
</entry>
<entry>
<title>Move "get_ack()" to common git_connect functions</title>
<updated>2005-07-05T22:44:09Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@g5.osdl.org</email>
</author>
<published>2005-07-05T22:44:09Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=41cb7488b9e5998ce1d665bbe10beca0a0f69c1c'/>
<id>urn:sha1:41cb7488b9e5998ce1d665bbe10beca0a0f69c1c</id>
<content type='text'>
git-clone-pack will want it too. Soon.
</content>
</entry>
<entry>
<title>Move ref path matching to connect.c library</title>
<updated>2005-07-04T20:24:30Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@g5.osdl.org</email>
</author>
<published>2005-07-04T20:24:30Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=013e7c7ff498aae82d799f80da37fbd395545456'/>
<id>urn:sha1:013e7c7ff498aae82d799f80da37fbd395545456</id>
<content type='text'>
It's a generic thing for matching refs from the other side.
</content>
</entry>
<entry>
<title>Factor out the ssh connection stuff from send-pack.c</title>
<updated>2005-07-04T18:57:58Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@g5.osdl.org</email>
</author>
<published>2005-07-04T18:57:58Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=f71925983ddc365c167559ecc623f2c000607cda'/>
<id>urn:sha1:f71925983ddc365c167559ecc623f2c000607cda</id>
<content type='text'>
I want to use it for git-fetch-pack too.
</content>
</entry>
</feed>
