On Tue, Feb 21, 2017 at 01:24:38PM -0800, Junio C Hamano wrote:

> The parsing of one-shot assignments of configuration variables that
> come from the command line historically was quite loose and allowed
> anything to pass.
>
> The configuration variable names that come from files are validated
> in git_config_parse_source(), which uses get_base_var() that grabs
> the <section> (and subsection) while making sure that <section>
> consists of iskeychar() letters, the function itself that makes sure
> that the first letter in <variable> is isalpha(), and get_value()
> that grabs the remainder of the <variable> name while making sure
> that it consists of iskeychar() letters.
>
> Perform an equivalent check in canonicalize_config_variable_name()
> to catch invalid configuration variable names that come from the
> command line.

FWIW, the code looks OK here. It is a shame to duplicate the policy
found in git_config_parse_key(), though. I wonder if we could make a
master version of that which canonicalizes in-place, and then just wrap
it for the git_config_parse_key() interface.

Actually, I guess the function you just wrote _is_ that inner function,
as long as it learned about the "quiet" flag.

-Peff
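
The naming policy described in the quoted commit message, combined with the in-place canonicalization and "quiet" flag suggested in the reply, as an added C example (not code from the patch or from git). The function names, the error messages, and the definition of a key character as alphanumeric or '-' are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed definition: a "key character" is alphanumeric or '-'. */
static int is_key_char(int c) { return isalnum(c) || c == '-'; }

/* Report the problem unless the caller asked for quiet operation. */
static int bad_key(const char *key, const char *why, int quiet)
{
	if (!quiet)
		fprintf(stderr, "invalid key '%s': %s\n", key, why);
	return -1;
}

/*
 * Hypothetical helper: validate "section[.subsection].variable" and
 * lowercase the section and variable in place. The subsection
 * (everything between the first and last dot) is left untouched.
 * Returns 0 on success, -1 on an invalid name; on failure the buffer
 * is not modified.
 */
int canonicalize_key_in_place(char *key, int quiet)
{
	char *first_dot = strchr(key, '.');
	char *last_dot = strrchr(key, '.');
	char *p;

	if (!first_dot || first_dot == key)
		return bad_key(key, "missing section", quiet);
	if (!last_dot[1])
		return bad_key(key, "missing variable name", quiet);
	/* Validate everything before modifying anything. */
	for (p = key; p < first_dot; p++)
		if (!is_key_char((unsigned char)*p))
			return bad_key(key, "bad character in section", quiet);
	if (!isalpha((unsigned char)last_dot[1]))
		return bad_key(key, "variable must start with a letter", quiet);
	for (p = last_dot + 2; *p; p++)
		if (!is_key_char((unsigned char)*p))
			return bad_key(key, "bad character in variable", quiet);
	for (p = key; p < first_dot; p++)
		*p = tolower((unsigned char)*p);
	for (p = last_dot + 1; *p; p++)
		*p = tolower((unsigned char)*p);
	return 0;
}
```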