Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

On Wed, 2016-04-27 at 16:37 -0400, Jeff King wrote: > On Wed, Apr 27, 2016 at 04:34:53PM -0400, David Turner wrote: > > > > I thought the point is that one is a lesser check than the other, > > > and > > > we > > > need different rules for different situations. So we might allow > > > deletion on

Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

On Wed, Apr 27, 2016 at 04:37:28PM -0400, Jeff King wrote: > > > But anything writing a _new_ refname (whether the actual ref, or > > > referencing it via a symref) should be using check_refname_format() > > > before writing. > > > > Unfortunately, neither check is lesser -- refname_is_safe

Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

On Wed, Apr 27, 2016 at 04:34:53PM -0400, David Turner wrote: > > I thought the point is that one is a lesser check than the other, and > > we > > need different rules for different situations. So we might allow > > deletion on a refname that does not pass check_refname_format(), but > > we > >

Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

On Wed, 2016-04-27 at 16:15 -0400, Jeff King wrote: > On Wed, Apr 27, 2016 at 04:10:32PM -0400, David Turner wrote: > > > On Wed, 2016-04-27 at 10:59 -0700, Junio C Hamano wrote: > > > > > There is another call to refname_is_safe() in > > > resolve_ref_unsafe(), > > > which applies the sanity

Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

On Wed, Apr 27, 2016 at 04:10:32PM -0400, David Turner wrote: > On Wed, 2016-04-27 at 10:59 -0700, Junio C Hamano wrote: > > > There is another call to refname_is_safe() in resolve_ref_unsafe(), > > which applies the sanity check to the string from a symref. We seem > > to allow > > > > $

Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

On Wed, 2016-04-27 at 10:59 -0700, Junio C Hamano wrote: > There is another call to refname_is_safe() in resolve_ref_unsafe(), > which applies the sanity check to the string from a symref. We seem > to allow > > $ git symbolic-ref refs/heads/SSS refs/heads//master > > and we end up storing

Re: [PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

Michael Haggerty writes: > Does anybody have a use case for allowing un-normalized reference > names like "refs/foo/../bar///baz"? I'm pretty certain they would not > be handled correctly anyway, especially if they are not stored as > loose references. I wondered what

[PATCH 05/29] refname_is_safe(): insist that the refname already be normalized

The reference name is going to be compared to other reference names, so it should be in its normalized form. Signed-off-by: Michael Haggerty --- Does anybody have a use case for allowing un-normalized reference names like "refs/foo/../bar///baz"? I'm pretty certain they