summaryrefslogtreecommitdiff
path: root/refs.c
diff options
context:
space:
mode:
authorNguyễn Thái Ngọc Duy <pclouds@gmail.com>2019-03-08 09:28:34 (GMT)
committerJunio C Hamano <gitster@pobox.com>2019-05-15 04:56:43 (GMT)
commit1de16aecf51daf5794aa074f6dd133e088a12690 (patch)
tree08f462da8878ec63fe3cf9a5573da743e767abbf /refs.c
parent7d0c1f4556ad89b2f7eae97d31ea85c3bfdf7c87 (diff)
downloadgit-1de16aecf51daf5794aa074f6dd133e088a12690.zip
git-1de16aecf51daf5794aa074f6dd133e088a12690.tar.gz
git-1de16aecf51daf5794aa074f6dd133e088a12690.tar.bz2
worktree add: sanitize worktree names
Worktree names are based on $(basename $GIT_WORK_TREE). They aren't significant until 3a3b9d8cde (refs: new ref types to make per-worktree refs visible to all worktrees - 2018-10-21), where worktree name could be part of a refname and must follow refname rules. Update 'worktree add' code to remove special characters to follow these rules. In the future the user will be able to specify the worktree name by themselves if they're not happy with this dumb character substitution. Reported-by: Konstantin Kharlamov <hi-angel@yandex.ru> Helped-by: Jeff King <peff@peff.net> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'refs.c')
-rw-r--r--refs.c110
1 files changed, 90 insertions, 20 deletions
diff --git a/refs.c b/refs.c
index 142888a..94e8d46 100644
--- a/refs.c
+++ b/refs.c
@@ -63,7 +63,7 @@ static unsigned char refname_disposition[256] = {
* not legal. It is legal if it is something reasonable to have under
* ".git/refs/"; We do not like it if:
*
- * - any path component of it begins with ".", or
+ * - it begins with ".", or
* - it has double dots "..", or
* - it has ASCII control characters, or
* - it has ":", "?", "[", "\", "^", "~", SP, or TAB anywhere, or
@@ -71,31 +71,63 @@ static unsigned char refname_disposition[256] = {
* - it ends with a "/", or
* - it ends with ".lock", or
* - it contains a "@{" portion
+ *
+ * When sanitized is not NULL, instead of rejecting the input refname
+ * as an error, try to come up with a usable replacement for the input
+ * refname in it.
*/
-static int check_refname_component(const char *refname, int *flags)
+static int check_refname_component(const char *refname, int *flags,
+ struct strbuf *sanitized)
{
const char *cp;
char last = '\0';
+ size_t component_start = 0; /* garbage - not a reasonable initial value */
+
+ if (sanitized)
+ component_start = sanitized->len;
for (cp = refname; ; cp++) {
int ch = *cp & 255;
unsigned char disp = refname_disposition[ch];
+
+ if (sanitized && disp != 1)
+ strbuf_addch(sanitized, ch);
+
switch (disp) {
case 1:
goto out;
case 2:
- if (last == '.')
- return -1; /* Refname contains "..". */
+ if (last == '.') { /* Refname contains "..". */
+ if (sanitized)
+ /* collapse ".." to single "." */
+ strbuf_setlen(sanitized, sanitized->len - 1);
+ else
+ return -1;
+ }
break;
case 3:
- if (last == '@')
- return -1; /* Refname contains "@{". */
+ if (last == '@') { /* Refname contains "@{". */
+ if (sanitized)
+ sanitized->buf[sanitized->len-1] = '-';
+ else
+ return -1;
+ }
break;
case 4:
- return -1;
+ /* forbidden char */
+ if (sanitized)
+ sanitized->buf[sanitized->len-1] = '-';
+ else
+ return -1;
+ break;
case 5:
- if (!(*flags & REFNAME_REFSPEC_PATTERN))
- return -1; /* refspec can't be a pattern */
+ if (!(*flags & REFNAME_REFSPEC_PATTERN)) {
+ /* refspec can't be a pattern */
+ if (sanitized)
+ sanitized->buf[sanitized->len-1] = '-';
+ else
+ return -1;
+ }
/*
* Unset the pattern flag so that we only accept
@@ -109,26 +141,48 @@ static int check_refname_component(const char *refname, int *flags)
out:
if (cp == refname)
return 0; /* Component has zero length. */
- if (refname[0] == '.')
- return -1; /* Component starts with '.'. */
+
+ if (refname[0] == '.') { /* Component starts with '.'. */
+ if (sanitized)
+ sanitized->buf[component_start] = '-';
+ else
+ return -1;
+ }
if (cp - refname >= LOCK_SUFFIX_LEN &&
- !memcmp(cp - LOCK_SUFFIX_LEN, LOCK_SUFFIX, LOCK_SUFFIX_LEN))
- return -1; /* Refname ends with ".lock". */
+ !memcmp(cp - LOCK_SUFFIX_LEN, LOCK_SUFFIX, LOCK_SUFFIX_LEN)) {
+ if (!sanitized)
+ return -1;
+ /* Refname ends with ".lock". */
+ while (strbuf_strip_suffix(sanitized, LOCK_SUFFIX)) {
+ /* try again in case we have .lock.lock */
+ }
+ }
return cp - refname;
}
-int check_refname_format(const char *refname, int flags)
+static int check_or_sanitize_refname(const char *refname, int flags,
+ struct strbuf *sanitized)
{
int component_len, component_count = 0;
- if (!strcmp(refname, "@"))
+ if (!strcmp(refname, "@")) {
/* Refname is a single character '@'. */
- return -1;
+ if (sanitized)
+ strbuf_addch(sanitized, '-');
+ else
+ return -1;
+ }
while (1) {
+ if (sanitized && sanitized->len)
+ strbuf_complete(sanitized, '/');
+
/* We are at the start of a path component. */
- component_len = check_refname_component(refname, &flags);
- if (component_len <= 0)
+ component_len = check_refname_component(refname, &flags,
+ sanitized);
+ if (sanitized && component_len == 0)
+ ; /* OK, omit empty component */
+ else if (component_len <= 0)
return -1;
component_count++;
@@ -138,13 +192,29 @@ int check_refname_format(const char *refname, int flags)
refname += component_len + 1;
}
- if (refname[component_len - 1] == '.')
- return -1; /* Refname ends with '.'. */
+ if (refname[component_len - 1] == '.') {
+ /* Refname ends with '.'. */
+ if (sanitized)
+ ; /* omit ending dot */
+ else
+ return -1;
+ }
if (!(flags & REFNAME_ALLOW_ONELEVEL) && component_count < 2)
return -1; /* Refname has only one component. */
return 0;
}
+int check_refname_format(const char *refname, int flags)
+{
+ return check_or_sanitize_refname(refname, flags, NULL);
+}
+
+void sanitize_refname_component(const char *refname, struct strbuf *out)
+{
+ if (check_or_sanitize_refname(refname, REFNAME_ALLOW_ONELEVEL, out))
+ BUG("sanitizing refname '%s' check returned error", refname);
+}
+
int refname_is_safe(const char *refname)
{
const char *rest;