On Sun, Mar 21, 2021 at 01:54:15AM -0400, Eric Sunshine wrote:
> On Sun, Mar 21, 2021 at 1:45 AM Junio C Hamano <gitster@xxxxxxxxx> wrote:
> > Eric Sunshine <sunshine@xxxxxxxxxxxxxx> writes:
> > > To protect against that problem, you may need to call
> > > format_sanitized_subject() manually after formatting "v%s-". (I'm just
> > > looking at this code for the first time, so I could be hopelessly
> > > wrong. There may be a better way to fix it.)
> >
> > Yes, slash is of course very problematic, but what we've been doing
> > to the patch filenames was to ensure that they will be free of $IFS
> > whitespaces and shell glob special characters as well, and we should
> > treat the "reroll count" just like the other end-user controlled
> > input, i.e. the title of the patch, and sanitize it the same way.
> >
> > So I am pretty sure format_sanitized_subject() is the right way to
> > go.
>
> The pathname sanitization would also deserve a test.
>
> Denton's seemingly simple feature request[1] has turned out to be
> quite a little project.

Sorry I've been quite busy the past couple of weeks so I haven't had the
bandwidth to review the patches as they've come up.

Thanks for implementing my feature request, ZheNing. And thanks for the
careful reviews, Eric.

> [1]: https://github.com/gitgitgadget/git/issues/882
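The sanitization discussed in the quoted thread, as an added example that is not part of the original message and is not Git's own code: a simplified sanitizer applied to a user-supplied reroll count before it becomes a patch filename prefix. `sanitize_component()` and `reroll_prefix()` are hypothetical names, the character rules are an assumption modelled on the thread's description (no slashes, `$IFS` whitespace or shell glob characters), and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Git's format_sanitized_subject()): keep
 * [A-Za-z0-9._], turn each run of any other byte into a single '-',
 * collapse repeated dots, and strip trailing '.' and '-'.
 * Returns the length written; 0 means nothing usable was left. */
static size_t sanitize_component(const char *in, char *out, size_t outsz)
{
	size_t n = 0;
	int pending = 0; /* an unsafe run was seen since the last kept byte */

	if (!outsz)
		return 0;
	for (; *in; in++) {
		unsigned char c = (unsigned char)*in;
		if (!isalnum(c) && c != '_' && c != '.') {
			pending = 1; /* '/', whitespace, glob characters, ... */
			continue;
		}
		if (c == '.' && n && out[n - 1] == '.')
			continue; /* never emit ".." */
		if (n + 2 >= outsz)
			break; /* leave room for '-', the byte and the NUL */
		if (pending && n)
			out[n++] = '-';
		pending = 0;
		out[n++] = (char)c;
	}
	while (n && (out[n - 1] == '.' || out[n - 1] == '-'))
		n--;
	out[n] = '\0';
	return n;
}

/* Build the "v<reroll>-" filename prefix from untrusted input.
 * Returns 0 on success, -1 if the input sanitizes to nothing or
 * the result does not fit in out. */
static int reroll_prefix(const char *reroll, char *out, size_t outsz)
{
	char clean[64];
	int len;

	if (!sanitize_component(reroll, clean, sizeof(clean)))
		return -1;
	len = snprintf(out, outsz, "v%s-", clean);
	return (len < 0 || (size_t)len >= outsz) ? -1 : 0;
}
```

A test of the kind asked for in the thread would feed a reroll count containing `/` and check that the generated filename has no directory separator.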