Mercurial > public > mercurial-scm > hg-stable

diff mercurial/sshpeer.py @ 33641:00a75672a9cb stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ssh: quote parameters using shellquote (SEC) This patch uses shellquote to quote ssh parameters more strictly to avoid shell injection.
author Jun Wu <quark@fb.com>
date Fri, 04 Aug 2017 23:54:12 -0700
parents f93975a5ebe8
children
line wrap: on
line diff
--- a/mercurial/sshpeer.py	Mon Jul 31 14:55:11 2017 -0700
+++ b/mercurial/sshpeer.py	Fri Aug 04 23:54:12 2017 -0700
@@ -150,10 +150,7 @@
         sshcmd = self.ui.config("ui", "ssh", "ssh")
         remotecmd = self.ui.config("ui", "remotecmd", "hg")
 
-        args = util.sshargs(sshcmd,
-                            _serverquote(self.host),
-                            _serverquote(self.user),
-                            _serverquote(self.port))
+        args = util.sshargs(sshcmd, self.host, self.user, self.port)
 
         if create:
             cmd = '%s %s %s' % (sshcmd, args,