On Fri, Jan 15, 2016 at 9:37 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Stefan Beller <sbeller@xxxxxxxxxx> writes:
>
>> On Wed, Jan 13, 2016 at 2:03 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>>> Stefan Beller <sbeller@xxxxxxxxxx> writes:
>>>> + while (url) {
>>>> + if (starts_with_dot_dot_slash(url)) {
>>>> + char *rfind;
>>>> + url += 3;
>>>> +
>>>> + rfind = last_dir_separator(remoteurl);
>>>> + if (rfind)
>>>> + *rfind = '\0';
>>>> + else {
>>>> + rfind = strrchr(remoteurl, ':');
>>>> + if (rfind) {
>>>> + *rfind = '\0';
>>>> + colonsep = 1;
>>>> + } else {
>>>> + if (is_relative || !strcmp(".", remoteurl))
>>>> + die(_("cannot strip one component off url '%s'"), remoteurl);
>>>> + else
>>>> + remoteurl = xstrdup(".");
>>>> + }
>>>> + }
>>>
>>> It is somewhat hard to see how this avoids stripping one (or both)
>>> slashes just after "http:" in remoteurl="http://site/path/";, leaving
>>> just "http:/" (or "http:").
>>
>> it would leave just 'http:/' if url were to be ../../some/where/else,
>> such that the constructed url below would be http://some/where/else.
>
> Is that a good outcome, though? Isn't it something we would want to
> catch as an error?
I would want to add theses checks later and for now
just port over the code from shell to C. (The same issue
is found in the shell code and nobody seems to bother so far)
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html