Fossil SCM
Disallow the ';' character in blob_append_escape_arg().
Commit
3bbac575348d0a54cf8882d41eba701fe7bfb90ef0bd7f082c1d7405f9db6f80
Parent
9eea719af68932a…
1 file changed
+1
-1
+1
-1
| --- src/blob.c | ||
| +++ src/blob.c | ||
| @@ -1195,11 +1195,11 @@ | ||
| 1195 | 1195 | #else |
| 1196 | 1196 | const char cQuote = '\''; /* Use '...' quoting on unix */ |
| 1197 | 1197 | #endif |
| 1198 | 1198 | |
| 1199 | 1199 | for(i=0; (c = zIn[i])!=0; i++){ |
| 1200 | - if( c==cQuote || c=='\\' || c<' ' ) { | |
| 1200 | + if( c==cQuote || c=='\\' || c<' ' || c==';' ) { | |
| 1201 | 1201 | Blob bad; |
| 1202 | 1202 | blob_token(pBlob, &bad); |
| 1203 | 1203 | fossil_fatal("the [%s] argument to the \"%s\" command contains " |
| 1204 | 1204 | "a character (ascii 0x%02x) that is a security risk", |
| 1205 | 1205 | zIn, blob_str(&bad), c); |
| 1206 | 1206 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -1195,11 +1195,11 @@ | |
| 1195 | #else |
| 1196 | const char cQuote = '\''; /* Use '...' quoting on unix */ |
| 1197 | #endif |
| 1198 | |
| 1199 | for(i=0; (c = zIn[i])!=0; i++){ |
| 1200 | if( c==cQuote || c=='\\' || c<' ' ) { |
| 1201 | Blob bad; |
| 1202 | blob_token(pBlob, &bad); |
| 1203 | fossil_fatal("the [%s] argument to the \"%s\" command contains " |
| 1204 | "a character (ascii 0x%02x) that is a security risk", |
| 1205 | zIn, blob_str(&bad), c); |
| 1206 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -1195,11 +1195,11 @@ | |
| 1195 | #else |
| 1196 | const char cQuote = '\''; /* Use '...' quoting on unix */ |
| 1197 | #endif |
| 1198 | |
| 1199 | for(i=0; (c = zIn[i])!=0; i++){ |
| 1200 | if( c==cQuote || c=='\\' || c<' ' || c==';' ) { |
| 1201 | Blob bad; |
| 1202 | blob_token(pBlob, &bad); |
| 1203 | fossil_fatal("the [%s] argument to the \"%s\" command contains " |
| 1204 | "a character (ascii 0x%02x) that is a security risk", |
| 1205 | zIn, blob_str(&bad), c); |
| 1206 |