On 04/09/14 23:36, Junio C Hamano wrote: > While I do not think of a reason to specify such a string to the > in-reply-to option (I'd rather edit the output in the editor if I > wanted to do anything fancy [*1*]), I do not think there is a reason > why you want to add a code to forbid such use, either. My question was to find out whether I can pass untrusted user input to --in-reply-to and expect that no header beyond "In-Reply-To" and "References" is modified, but your answer makes clear that I cannot. A possible alternative might have been that git verifies that the input to --in-reply-to matches the format specified RFC2822 (section 3.6.4.). Thanks! -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html