On Thu, Jan 29, 2015 at 03:48:14PM -0800, Junio C Hamano wrote:

> By default, a patch that affects outside the working area is
> rejected as a mistake; Git itself never creates such a patch
> unless the user bends backwards and specifies nonstandard
> prefix to "git diff" and friends.
>
> When `git apply` is used without either `--index` or `--cached`
> option as a "better GNU patch", the user can pass `--allow-uplevel`
> option to override this safety check. This cannot be used to escape
> outside the working tree when using `--index` or `--cached` to apply
> the patch to the index.

It looks like your new --allow-uplevel goes to verify_path(). So this
isn't just about "..", but it will also protect against applying a patch
inside ".git". Which seems like a good thing to me, but I wonder if the
option name is a little misleading. It is really about applying the same
checks we do for index paths to the non-index mode of "git apply".

> * Meant to apply on top of the previous one, but these two are
> about separate and orthogonal issues.

I agree they are orthogonal in concept, though I doubt the symlink tests
here would pass without the previous one (since verify_path does not
know or care about crossing symlink boundaries).

-Peff
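The kind of per-component path check discussed above, as an added example that is not part of the original message and is not Git's verify_path() implementation. The function names are hypothetical, and rejecting empty components, ".", absolute paths and case variants of ".git" are assumptions of this sketch; like the check described in the thread, it looks only at the path string and knows nothing about symlinks.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if the component s[0..len) is one a patch must not touch. */
static int bad_component(const char *s, size_t len)
{
    if (len == 0)
        return 1;                 /* "a//b" or a trailing slash (assumption) */
    if (len == 1 && s[0] == '.')
        return 1;                 /* "." (assumption) */
    if (len == 2 && s[0] == '.' && s[1] == '.')
        return 1;                 /* ".." climbs out of the working tree */
    if (len == 4 && strncasecmp(s, ".git", 4) == 0)
        return 1;                 /* repository metadata, any letter case */
    return 0;
}

/* Return 1 if every component of a patch target path is acceptable. */
int patch_path_ok(const char *path)
{
    const char *start = path;
    const char *p;

    if (path == NULL || *path == '\0' || *path == '/')
        return 0;                 /* empty or absolute path */
    for (p = path; ; p++) {
        if (*p == '/' || *p == '\0') {
            if (bad_component(start, (size_t)(p - start)))
                return 0;
            if (*p == '\0')
                return 1;         /* reached the end with no bad component */
            start = p + 1;
        }
    }
}

int main(void)
{
    /* Constructed sample paths, not taken from any real patch. */
    const char *samples[] = { "src/main.c", "../outside.txt",
                              ".git/config", "docs/.gitignore" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s %s\n", samples[i],
               patch_path_ok(samples[i]) ? "ok" : "rejected");
    return 0;
}
```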