Junio C Hamano <gitster@xxxxxxxxx> writes: > From: Michael Schubert <mschub@xxxxxxxxxxxxx> > Date: Sun, 17 Jun 2012 22:26:37 +0200 > Subject: [PATCH] symbolic-ref: check format of given reference > > Currently, it's possible to update HEAD with a nonsense reference since > no strict validation is performed. Example: > > $ git symbolic-ref HEAD 'refs/heads/master > > > > > > ' It would be nice to add a new test or two to t1401. 1401.3 was already trying to catch a malformed reference with this test: test_must_fail git symbolic-ref HEAD foo and it did trigger thanks to the prefixcmp(argv[1], "refs/") test we already have. Probably something like git symbolic-ref HEAD "refs/heads/.foo" git symbolic-ref HEAD "refs/heads/-foo" would be a good start. To make the latter _correctly_ work requires a bit of work, though. We should make sure all the check_refname_format() callers pass the full path to a ref, get rid of ALLOW_ONELEVEL, and redo commits like 6348624 (disallow branch names that start with a hyphen, 2010-09-14) and 4f0accd (tag: disallow '-' as tag name, 2011-05-10). For that matter, shouldn't symbolic-ref be forbidden to point outside refs/heads/, not just restricted in refs/ like the current code does? -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html