Re: gitweb: using quotemeta

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--- Jakub Narebski <jnareb@xxxxxxxxx> wrote:
> Luben Tuikov wrote:
> 
> > --- Junio C Hamano <junkio@xxxxxxx> wrote:
> >> 
> >> Ouch, that was a sloppy planning and coding, and sloppier
> >> reviewing.  Sorry.
> >> 
> >> What is the right quoting there?  Just quoting double-quotes?
> > 
> > I'm not sure.  What undesired character could we have in $filename
> > of a snapshot?  The commit ab41dfbfd4f message gives this
> > justification: "Just in case filename contains end of line character."
> > 
> > It looks like $filename is constructed by well defined strings:
> > basename($project), $hash and $suffix all of which should be ok.
> > 
> > I'd say we don't need quotemeta for $filename of snapshot.
> 
> But we do need quoting for blob_plain and perhaps blobdiff_plain
> views, although not quotemeta, but perhaps the reverse of unescape,
> i.e. quote '"', EOLN (end of line) and perhaps also TAB.

Escaping for the purposes of HTML _view_ and URL generation is ok,
but it is not ok when _saving_ the file with a file name.

A file name is just a string of chars, and I want to _save_ the file
name as its name is. No changes or interpretations please.  I don't
care what the string is, what chars it is made of, etc.

Please don't interpret file names and their characters when the files
are _saved_ by the user's browser.

The file name in my filesystem should be the exact same file name
as it appears on any other filesystem hosting the same git repo.

I don't want this translation:
Server FS: linux-2.6.git-5c2d97cb31fb77981797fec46230ca005b865799.tar.gz
Quotemeta: linux\-2\.6\.git\-5c2d97cb31fb77981797fec46230ca005b865799\.tar\.gz
User FS: linux\-2\.6\.git\-5c2d97cb31fb77981797fec46230ca005b865799\.tar\.gz

When you comitted ab41dfbfd4f3f9fedac71550027e9813b11abe3d, it extended
quotemeta to where it shouldn't have been applied.

    Luben
P.S. When replying please don't redact the CC field.

-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]