Mercurial > hg

diff mercurial/sshpeer.py @ 33659:8cb9e921ef8c stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ssh: quote parameters using shellquote (SEC) This patch uses shellquote to quote ssh parameters more strictly to avoid shell injection.
author Jun Wu <quark@fb.com>
date Fri, 04 Aug 2017 23:54:12 -0700
parents d7a1c4c1181d
children 02a745c20121 1908dc958639
line wrap: on
line diff
--- a/mercurial/sshpeer.py	Mon Jul 31 14:55:11 2017 -0700
+++ b/mercurial/sshpeer.py	Fri Aug 04 23:54:12 2017 -0700
@@ -151,10 +151,7 @@
         sshcmd = self.ui.config("ui", "ssh")
         remotecmd = self.ui.config("ui", "remotecmd")
 
-        args = util.sshargs(sshcmd,
-                            _serverquote(self.host),
-                            _serverquote(self.user),
-                            _serverquote(self.port))
+        args = util.sshargs(sshcmd, self.host, self.user, self.port)
 
         if create:
             cmd = '%s %s %s' % (sshcmd, args,