"Randall S. Becker" <[email protected]> writes:
> As a suggestion, with people who know how to escape stuff properly
> (or not), perhaps we can select the alternate behaviour explicitly
> using a core.sshIgnoreEscape=true/false option. Thoughts on that?
The semantics of prepare_shell_cmd() is, regardless of any "funny
characters" on the command line, the spawned command MUST behave AS
IF it was run via the shell. The strcspn() trick is there merely as
a low-level optimization so that we do not have to say
sh -c a-single-token
which would be exactly the same as running
a-single-token
The most typical use of that strcspn() trick is to ensure that
GIT_SSH_COMMAND="the-command and its arguments"
would not attempt to run a command with a long and funny name
"the-command and its arguments" somewhere on the $PATH without any
parameter, and instead run
sh -c "the-command and its arguments"
i.e. run the "the-command" with three parameters (and perhaps more
built-in parameters prepared by the caller in the ssh connection
codepath).
