On Mon, Sep 28, 2020 at 05:41:14PM -0700, Junio C Hamano wrote: > Jeff King <peff@xxxxxxxx> writes: > > > I think that: > > > > - we'd never write a raw CR ourselves, as we'd urlencode the character > > > > - if somebody did put in a raw CR manually like: > > > > https://example.com\r\n > > > > then we'd currently fail to match "example.com". Which is probably > > not what they wanted. I suspect that \r in a hostname is bogus > > anyway (certainly curl will complain about it). > > I may be misremembering, but an argument I recall against the kind > of change we are dicussing now was that we ignore such an entry > right now, and the user may have added an entry for the host anew, > possibly with a more recent password. Changing the parsing to > ignore CR would silently resurrect such a stale entry that the user > has written off as unused, and depending on the order of entries in > the file, a site that used to work may start failing suddenly. Yeah, that is probably what would happen. I have to admit that it's such an obscure case that I'm not sure I really care. It's unlikely in practice, and if somebody did report such a case, I think my first response would be "well, why did you have a broken entry stuck in your file?". > I still don't see why we need to touch the cache-daemon, though. Yeah, I touched on that more in another response. -Peff
