On 2014-04-21 18:33, Junio C Hamano wrote:
> Junio C Hamano <gitster@xxxxxxxxx> writes:
>
>> Richard Hansen <rhansen@xxxxxxx> writes:
>>
>>> Both bash and zsh subject the value of PS1 to parameter expansion,
>>> command substitution, and arithmetic expansion. Rather than include
>>> the raw, unescaped branch name in PS1 when running in two- or
>>> three-argument mode, construct PS1 to reference a variable that holds
>>> the branch name. Because the shells do not recursively expand, this
>>> avoids arbitrary code execution by specially-crafted branch names such
>>> as '$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)'.
>>>
>>> Signed-off-by: Richard Hansen <rhansen@xxxxxxx>
>>
>> I'd like to see this patch eyeballed by those who have been involved
>> in the script (shortlog and blame tells me they are SZEDER and
>> Simon, CC'ed), so that we can hopefully merge it by the time -rc1 is
>> tagged.
>>
>> Will queue so that I won't lose it in the meantime.
>>
>> Thanks.
>
> Sadly, this does not seem to pass t9903.41 for me.
>
> $ bash t9903-*.sh -i -v

Oops! Because git-prompt.sh is in contrib I didn't realize there was a
test for it. The test will have to change. I'll think about the best
way to adjust the test and send a reroll.

Thanks,
Richard
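
The fix described in the quoted commit message, as an added example that is not part of the original thread or of git-prompt.sh: a prompt string built with the raw branch name beside one that references a variable holding it. The `expand_once` helper is an assumed model of the shell's single round of PS1 expansion (a here-document body receives the same three expansions), `prompt_branch` is a hypothetical variable name, and the branch name is a constructed, harmless value.

```shell
#!/bin/sh
# Added illustration; not code from git-prompt.sh.

# Model of the one round of expansion the shell applies to PS1:
# parameter expansion, command substitution, arithmetic expansion.
# A here-document body gets exactly those expansions, exactly once.
expand_once() {
    eval "cat <<__PROMPT_EOF__
$1
__PROMPT_EOF__
"
}

# Constructed branch name; the embedded command only prints a marker.
branch='$(echo INJECTED)'

# Before: the raw branch name becomes part of the prompt string, so the
# shell's expansion pass treats it as code.
unsafe_prompt() {
    ps1="($branch) \$ "
    expand_once "$ps1"
}

# After: the prompt string only references a variable (hypothetical
# name). The expansion pass substitutes the value and does not expand
# the result again, so the branch name stays data.
safe_prompt() {
    prompt_branch=$branch
    ps1='(${prompt_branch}) $ '
    expand_once "$ps1"
}

printf 'unsafe: %s\n' "$(unsafe_prompt)"
printf 'safe:   %s\n' "$(safe_prompt)"
```
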