Fossil

Check-in [72e4b915]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Allow arguments with non-ASCII characters for constructed shell commands.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 72e4b915fd9e8aa8f992679a47c786e589046afc46700c6037dbecb3862d7b5a
User & Date: drh 2019-02-18 20:44:51.953
Context
2019-02-18
21:04
Tweaks to the change log in preparation for 2.8. ... (check-in: dbf342e7 user: drh tags: trunk)
20:44
Allow arguments with non-ASCII characters for constructed shell commands. ... (check-in: 72e4b915 user: drh tags: trunk)
19:17
Include 'nonce' TH1 variable in the custom skin documentation. ... (check-in: 02367341 user: mistachkin tags: trunk)
2019-02-07
17:42
Allow arguments with non-ASCII characters for constructed shell commands, as reported here: https://fossil-scm.org/forum/forumpost/81e6854386. ... (Closed-Leaf check-in: a5ff0050 user: florian tags: non-ascii-cmd-args)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/blob.c.
1261
1262
1263
1264
1265
1266
1267

1268
1269
1270
1271
1272
1273
1274
1275
#if defined(_WIN32)
  const char cQuote = '"';    /* Use "..." quoting on windows */
#else
  const char cQuote = '\'';   /* Use '...' quoting on unix */
#endif

  for(i=0; (c = zIn[i])!=0; i++){

    if( c==cQuote || c=='\\' || c<' ' || c==';' || c=='*' || c=='?' || c=='[') {
      Blob bad;
      blob_token(pBlob, &bad);
      fossil_fatal("the [%s] argument to the \"%s\" command contains "
                   "a character (ascii 0x%02x) that is a security risk",
                   zIn, blob_str(&bad), c);
    }
    if( !needEscape && !fossil_isalnum(c) && c!='/' && c!='.' && c!='_' ){







>
|







1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
#if defined(_WIN32)
  const char cQuote = '"';    /* Use "..." quoting on windows */
#else
  const char cQuote = '\'';   /* Use '...' quoting on unix */
#endif

  for(i=0; (c = zIn[i])!=0; i++){
    if( c==cQuote || (unsigned char)c<' ' ||
        c=='\\' || c==';' || c=='*' || c=='?' || c=='[' ){
      Blob bad;
      blob_token(pBlob, &bad);
      fossil_fatal("the [%s] argument to the \"%s\" command contains "
                   "a character (ascii 0x%02x) that is a security risk",
                   zIn, blob_str(&bad), c);
    }
    if( !needEscape && !fossil_isalnum(c) && c!='/' && c!='.' && c!='_' ){