Alex Riesen <raa.lkml@gmail.com> writes: > Junio C Hamano, Tue, Dec 13, 2005 19:41:27 +0100: >> >> > Thank you both for the patch, but I'd be much more comfortable if at >> > least quotes (both ' and "), backslashes, ? and * would be prohibited in >> > the names as well. >> >> I second that, and thanks for pointing it out. Any objections? > > Just as a warning, perhaps? It's not like git is anywhere limited in > this respect... Yeah, after thinking about it a bit more, I changed my mind. The wildcard letters like ? and * I understand and sympathetic about somewhat. Something like this: name="*.sh" ;# this also comes from the end user echo $name ends up showing every shell script in the current directory, and not literal '*.sh'. However, I do not think covering five characters '"\?* gives us anything, and sends a strong message that we do not know our shell programming to whoever is reading our code. For one thing, the user can still say "foo[a-z]bar" to confuse you, so you also need to forbid []. The thing is, if you start to care about single and double quotes, then what you are doing carelessly is not something simple like this: name='frotz'\''nitfol"filfre\xyzzy' ;# this comes from the end user. echo $name ;# and this prints just fine. For quotes to matter, you must be doing an "eval" carelessly, and "eval" and careless should never go together. # do not try this in your repository without echo name="foo; echo rm -fr ." eval "git-rev-parse $name" You end up needing to forbid a lot more than the quoting and wildcard, if you want to keep your shell scripts loose and lazy; which may be a worthy goal in itself but pretty much defeats the initial discussion of "why do we allow only these characters in tags". So in short, I am somewhat negative about the idea of adding more "forbidden letters". Let's make sure our scripts are careful where safety matters. Note that this does not forbid Porcelains to enforce additional restrictions on their own. - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Fri Dec 16 10:38:41 2005
This archive was generated by hypermail 2.1.8 : 2005-12-16 10:39:18 EST