Phillip Wood <phillip.wood123@xxxxxxxxx> writes:

> Not part of this patch but I noticed that we're passing the filenames
> for '%A' etc. unquoted which is a bit scary.

May be scary but safe, as long as create_temp() gives a reasonable
temporary filename.  We pass ".merge_file_XXXXXX" to xmkstemp(), which
calls into mkstemp(), which should give us a shell-safe name?

It also should be a safe conversion to change strbuf_addstr() used for
these three to sq_quote_buf(), as the string with these %[OAB]
placeholders is passed to the shell that eats the quoting before
invoking the end-user supplied external merge driver, which means the
merge driver would not notice any difference.

Thanks for being careful ;-)
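The conversion discussed above, shown as an added stand-alone example rather than git's own code: a small growable buffer (`struct sbuf`, a stand-in for git's strbuf), a single-quote shell quoter using the same `'\''` scheme as git's sq_quote_buf(), and `expand_merge_cmd()`, a hypothetical template expander that substitutes %O, %A and %B either verbatim (the strbuf_addstr() behaviour) or shell-quoted. The filenames are constructed: two mkstemp()-style names, which contain nothing the shell treats specially, and one deliberately odd name to show that the quoted form survives the shell as a single word either way.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable string; a stand-in for git's strbuf (constructed here). */
struct sbuf { char *buf; size_t len, cap; };

static void sbuf_addch(struct sbuf *sb, char c)
{
    if (sb->len + 2 > sb->cap) {
        sb->cap = sb->cap ? sb->cap * 2 : 64;
        sb->buf = realloc(sb->buf, sb->cap);
        if (!sb->buf) { perror("realloc"); exit(1); }
    }
    sb->buf[sb->len++] = c;
    sb->buf[sb->len] = '\0';
}

static void sbuf_addstr(struct sbuf *sb, const char *s)
{
    while (*s)
        sbuf_addch(sb, *s++);
}

/* Single-quote shell quoting, same scheme as git's sq_quote_buf(): wrap the
 * word in '...' and turn each embedded ' into '\'' so the shell hands the
 * driver exactly the original bytes as one argument. */
static void sq_quote_append(struct sbuf *sb, const char *s)
{
    sbuf_addch(sb, '\'');
    for (; *s; s++) {
        if (*s == '\'')
            sbuf_addstr(sb, "'\\''");
        else
            sbuf_addch(sb, *s);
    }
    sbuf_addch(sb, '\'');
}

/* Hypothetical expander (not git's): replace %O, %A, %B in a merge-driver
 * command template. quote != 0 shell-quotes each filename; quote == 0 pastes
 * it verbatim, as strbuf_addstr() would. "%%" yields a literal '%'; any other
 * "%x" is copied through unchanged. Returns a malloc'ed string. */
char *expand_merge_cmd(const char *tmpl, const char *o, const char *a,
                       const char *b, int quote)
{
    struct sbuf sb = { NULL, 0, 0 };
    for (; *tmpl; tmpl++) {
        if (*tmpl != '%' || !tmpl[1]) {
            sbuf_addch(&sb, *tmpl);
            continue;
        }
        const char *name = NULL;
        switch (*++tmpl) {
        case 'O': name = o; break;
        case 'A': name = a; break;
        case 'B': name = b; break;
        case '%': sbuf_addch(&sb, '%'); continue;
        default:  sbuf_addch(&sb, '%'); sbuf_addch(&sb, *tmpl); continue;
        }
        if (quote)
            sq_quote_append(&sb, name);
        else
            sbuf_addstr(&sb, name);
    }
    return sb.buf ? sb.buf : calloc(1, 1);
}

int main(void)
{
    /* Constructed names: the first two mimic what mkstemp() produces from
     * ".merge_file_XXXXXX"; the third contains a space, ';' and quotes. */
    const char *o = ".merge_file_Ab12Cd", *a = ".merge_file_Xy34Zw";
    const char *odd = "weird name; with 'quotes'";
    char *plain  = expand_merge_cmd("mydriver %O %A %B", o, a, odd, 0);
    char *quoted = expand_merge_cmd("mydriver %O %A %B", o, a, odd, 1);
    printf("unquoted: %s\nquoted:   %s\n", plain, quoted);
    free(plain);
    free(quoted);
    return 0;
}
```

For the mkstemp()-style names the shell sees the same single word whether or not it is quoted, which is why the thread calls the switch to sq_quote_buf() a safe conversion; the quoted form only differs in what reaches the driver when a name carries shell metacharacters, where it keeps the whole name as one argument.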