"Randall S. Becker" <rsbecker@xxxxxxxxxxxxx> writes: > As a suggestion, with people who know how to escape stuff properly > (or not), perhaps we can select the alternate behaviour explicitly > using a core.sshIgnoreEscape=true/false option. Thoughts on that? The semantics of prepare_shell_cmd() is, regardless of any "funny characters" on the command line, the spawned command MUST behave AS IF it was run via the shell. The strcspn() trick is there merely as a low-level optimization so that we do not have to say sh -c a-single-token which would be exactly the same as running a-single-token The most typical use of that strcspn() trick is to ensure that GIT_SSH_COMMAND="the-command and its arguments" would not attempt to run a command with a long and funny name "the-command and its arguments" somewhere on the $PATH without any parameter, and instead run sh -c "the-command and its arguments" i.e. run the "the-command" with three parameters (and perhaps more built-in parameters prepared by the caller in the ssh connection codepath).
