Hi,
On Apr 22, 2014 2:53 AM, Junio C Hamano <[email protected]> wrote:
>
> Richard Hansen <[email protected]> writes:
>
> > Both bash and zsh subject the value of PS1 to parameter expansion,
> > command substitution, and arithmetic expansion. Rather than include
> > the raw, unescaped branch name in PS1 when running in two- or
> > three-argument mode, construct PS1 to reference a variable that holds
> > the branch name. Because the shells do not recursively expand, this
> > avoids arbitrary code execution by specially-crafted branch names such
> > as '$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)'.
> >
> > Signed-off-by: Richard Hansen <[email protected]>
>
> I'd like to see this patch eyeballed by those who have been involved
> in the script (shortlog and blame tells me they are SZEDER and
> Simon, CC'ed), so that we can hopefully merge it by the time -rc1 is
> tagged.
I think this is a sensible thing to do. However, for now I can only check the
patch on my phone, hence I can't say any more (e.g. acked or reviewed by) than
that, unfortunately.
> > + # not needed anymore; keep user's
> > + # environment clean
> > + unset __git_ps1_upstream_name
> > + fi
We already have a lot of stuff in the user's environment beginning with __git,
so I don't think the unset is necessary.
Best,
Gábor
N�����r��y����b�X��ǧv�^�){.n�+����ا����ܨ}���Ơz�&j:+v��������zZ+��+zf���h���~����i���z���w���?�����&�)ߢ�f
