Mercurial > hg
view tests/test-username-newline.t @ 33659:8cb9e921ef8c stable
ssh: quote parameters using shellquote (SEC)
This patch uses shellquote to quote ssh parameters more strictly to avoid
shell injection.
author | Jun Wu <quark@fb.com> |
---|---|
date | Fri, 04 Aug 2017 23:54:12 -0700 |
parents | 5ac845ca059a |
children | 95c4cca641f6 |
line wrap: on
line source
$ hg init $ touch a $ unset HGUSER $ echo "[ui]" >> .hg/hgrc $ echo "username= foo" >> .hg/hgrc $ echo " bar1" >> .hg/hgrc $ hg ci -Am m adding a abort: username 'foo\nbar1' contains a newline [255] $ rm .hg/hgrc $ HGUSER=`(echo foo; echo bar2)` hg ci -Am m adding a abort: username 'foo\nbar2' contains a newline [255] $ hg ci -Am m -u "`(echo foo; echo bar3)`" adding a transaction abort! rollback completed abort: username 'foo\nbar3' contains a newline! [255]