Fossil SCM
Further improvements to quoting defense.
Commit
7d6635542bac314f477a87fe5d4370a3c12cfd8f2cd9ec1b38757f61a29d0f00
Parent
597f0bc224a0343…
1 file changed
+11
-3
+11
-3
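--- a/src/blob.c
+++ b/src/blob.c
@@ -1316,20 +1316,20 @@
 #ifdef _WIN32
 /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */
 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, /* 2x */
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */
+ 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */
 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, /* 5x */
 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */
 #else
 /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */
- 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, /* 2x */
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, /* 2x */
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */
 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, /* 5x */
 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */
@@ -1386,10 +1386,18 @@
 }
 
 /* Check for characters that need quoting */
 needEscape = strpbrk(zIn, zNeedQuote)!=0;
 if( !needEscape ){
+ if( zIn[0]=='-' ){
+ blob_append_char(pBlob, '.');
+#if defined(_WIN32)
+ blob_append_char(pBlob, '\\');
+#else
+ blob_append_char(pBlob, '/');
+#endif
+ }
 blob_append(pBlob, zIn, -1);
 }else{
 #if defined(_WIN32)
 blob_append_char(pBlob, '"');
 if( zIn[0]=='-' ){
@@ -1412,15 +1420,15 @@
 for(i=0; (c = (unsigned char)zIn[i])!=0; i++){
 if( aSafeChar[c] ) blob_append_char(pBlob, '\\');
 blob_append_char(pBlob, (char)c);
 }
 }else{
+ blob_append_char(pBlob, '\'');
 if( zIn[0]=='-' ){
 blob_append_char(pBlob, '.');
 blob_append_char(pBlob, '/');
 }
- blob_append_char(pBlob, '\'');
 blob_append(pBlob, zIn, -1);
 blob_append_char(pBlob, '\'');
 }
 #endif
 }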
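Review bot: In the `_WIN32` copy of the table (first hunk), the entry that changes is column x1 of the `/* 3x */` row, which by the column header is 0x31, the digit `1`, whereas the matching change in the `#else` copy is column x1 of the `/* 2x */` row, 0x21 (`!`). If the intent was to stop treating `!` as safe on both platforms, the Windows edit appears to have landed one row too low: `!` is still 0 there and every argument containing a `1` is now flagged. In that case the Windows rows should read `1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, /* 2x */` and `0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */`. A comment above each table listing the characters marked 1 and 2 would make a misplaced entry like this visible in review. The table's declaration and the code that consumes it on Windows are outside the hunks, so the runtime effect is inferred from the table alone.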
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -1316,20 +1316,20 @@ | |
| 1316 | #ifdef _WIN32 |
| 1317 | /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */ |
| 1318 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */ |
| 1319 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */ |
| 1320 | 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, /* 2x */ |
| 1321 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */ |
| 1322 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */ |
| 1323 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, /* 5x */ |
| 1324 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */ |
| 1325 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */ |
| 1326 | #else |
| 1327 | /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */ |
| 1328 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */ |
| 1329 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */ |
| 1330 | 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, /* 2x */ |
| 1331 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */ |
| 1332 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */ |
| 1333 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, /* 5x */ |
| 1334 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */ |
| 1335 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */ |
| @@ -1386,10 +1386,18 @@ | |
| 1386 | } |
| 1387 | |
| 1388 | /* Check for characters that need quoting */ |
| 1389 | needEscape = strpbrk(zIn, zNeedQuote)!=0; |
| 1390 | if( !needEscape ){ |
| 1391 | blob_append(pBlob, zIn, -1); |
| 1392 | }else{ |
| 1393 | #if defined(_WIN32) |
| 1394 | blob_append_char(pBlob, '"'); |
| 1395 | if( zIn[0]=='-' ){ |
| @@ -1412,15 +1420,15 @@ | |
| 1412 | for(i=0; (c = (unsigned char)zIn[i])!=0; i++){ |
| 1413 | if( aSafeChar[c] ) blob_append_char(pBlob, '\\'); |
| 1414 | blob_append_char(pBlob, (char)c); |
| 1415 | } |
| 1416 | }else{ |
| 1417 | if( zIn[0]=='-' ){ |
| 1418 | blob_append_char(pBlob, '.'); |
| 1419 | blob_append_char(pBlob, '/'); |
| 1420 | } |
| 1421 | blob_append_char(pBlob, '\''); |
| 1422 | blob_append(pBlob, zIn, -1); |
| 1423 | blob_append_char(pBlob, '\''); |
| 1424 | } |
| 1425 | #endif |
| 1426 | } |
| 1427 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -1316,20 +1316,20 @@ | |
| 1316 | #ifdef _WIN32 |
| 1317 | /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */ |
| 1318 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */ |
| 1319 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */ |
| 1320 | 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, /* 2x */ |
| 1321 | 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */ |
| 1322 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */ |
| 1323 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, /* 5x */ |
| 1324 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */ |
| 1325 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */ |
| 1326 | #else |
| 1327 | /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */ |
| 1328 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */ |
| 1329 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */ |
| 1330 | 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, /* 2x */ |
| 1331 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */ |
| 1332 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */ |
| 1333 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, /* 5x */ |
| 1334 | 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */ |
| 1335 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */ |
| @@ -1386,10 +1386,18 @@ | |
| 1386 | } |
| 1387 | |
| 1388 | /* Check for characters that need quoting */ |
| 1389 | needEscape = strpbrk(zIn, zNeedQuote)!=0; |
| 1390 | if( !needEscape ){ |
| 1391 | if( zIn[0]=='-' ){ |
| 1392 | blob_append_char(pBlob, '.'); |
| 1393 | #if defined(_WIN32) |
| 1394 | blob_append_char(pBlob, '\\'); |
| 1395 | #else |
| 1396 | blob_append_char(pBlob, '/'); |
| 1397 | #endif |
| 1398 | } |
| 1399 | blob_append(pBlob, zIn, -1); |
| 1400 | }else{ |
| 1401 | #if defined(_WIN32) |
| 1402 | blob_append_char(pBlob, '"'); |
| 1403 | if( zIn[0]=='-' ){ |
| @@ -1412,15 +1420,15 @@ | |
| 1420 | for(i=0; (c = (unsigned char)zIn[i])!=0; i++){ |
| 1421 | if( aSafeChar[c] ) blob_append_char(pBlob, '\\'); |
| 1422 | blob_append_char(pBlob, (char)c); |
| 1423 | } |
| 1424 | }else{ |
| 1425 | blob_append_char(pBlob, '\''); |
| 1426 | if( zIn[0]=='-' ){ |
| 1427 | blob_append_char(pBlob, '.'); |
| 1428 | blob_append_char(pBlob, '/'); |
| 1429 | } |
| 1430 | blob_append(pBlob, zIn, -1); |
| 1431 | blob_append_char(pBlob, '\''); |
| 1432 | } |
| 1433 | #endif |
| 1434 | } |
| 1435 |