On 9/28/17, David Mason <dma...@ryerson.ca> wrote: > > Last question for a while: in clone.c line 104 it says to use %40, %2f and > %3a for special characters in the userid and password (for obvious > reasons). Are there any other restrictions on the repo name or other parts > of the URL?
Note that I recall. But there might be some that I've forgotten about. As a security precaution in your system, I think you would do well to restrict repo names to begin with an alphanumeric, end with ".fossil", and contain no characters other than alphanumerics, '.', '_', and '-'. Maybe also only allow a single '.', specifically the one that occurs on the ".fossil" suffix. -- D. Richard Hipp d...@sqlite.org _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users