Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/windows.py @ 33641:00a75672a9cb stable
ssh: quote parameters using shellquote (SEC)
This patch uses shellquote to quote ssh parameters more strictly to avoid
shell injection.
| author | Jun Wu <quark@fb.com> |
|---|---|
| date | Fri, 04 Aug 2017 23:54:12 -0700 |
| parents | e10745311406 |
| children |
comparison
equal
deleted
inserted
replaced
| 33640:ca398a50ca00 | 33641:00a75672a9cb |
|---|---|
| 202 args = user and ("%s@%s" % (user, host)) or host | 202 args = user and ("%s@%s" % (user, host)) or host |
| 203 if args.startswith('-') or args.startswith('/'): | 203 if args.startswith('-') or args.startswith('/'): |
| 204 raise error.Abort( | 204 raise error.Abort( |
| 205 _('illegal ssh hostname or username starting with - or /: %s') % | 205 _('illegal ssh hostname or username starting with - or /: %s') % |
| 206 args) | 206 args) |
| 207 return port and ("%s %s %s" % (args, pflag, port)) or args | 207 args = shellquote(args) |
| 208 if port: | |
| 209 args = '%s %s %s' % (pflag, shellquote(port), args) | |
| 210 return args | |
| 208 | 211 |
| 209 def setflags(f, l, x): | 212 def setflags(f, l, x): |
| 210 pass | 213 pass |
| 211 | 214 |
| 212 def copymode(src, dst, mode=None): | 215 def copymode(src, dst, mode=None): |