From b145f66887665b89f4ebedcfd0a2e164740c7296 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Sun, 11 Mar 2018 10:03:29 -0700 Subject: [PATCH] Project.pm: add some more "cursory" checks to set_HEAD There are various restrictions on ref names in Git. They are detailed in `git help check-ref-format`. Previously single quote (') and angle brackets (<>) were being disallowed. That is retained for now even though technically those are NOT invalid ref name characters. Add some more cursory checks for characters and sequences that would cause Git to reject the ref name. This still does not catch everything, but it catches a lot more than it used to. Signed-off-by: Kyle J. McKay
---
 Girocco/Project.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Girocco/Project.pm b/Girocco/Project.pm
index 157b889..4a19edc 100644
--- a/Girocco/Project.pm
+++ b/Girocco/Project.pm
@@ -1431,7 +1431,7 @@ sub set_HEAD {
 my $self = shift;
 my $newHEAD = shift;
 # Cursory checks only -- if you want to break your HEAD, be my guest
- if ($newHEAD =~ /^\/|['<>]|\.\.|\/$/) {
+ if ($newHEAD =~ /^\/|^\.|[\x00-\x1f \x7f\[~^'<>*?\\:]|\@\{|\.\.|\.lock$|\.$|\/$/) {
 die "grossly invalid new HEAD: $newHEAD";
 }
 system($Girocco::Config::git_bin, "--git-dir=$self->{path}", 'symbolic-ref', 'HEAD', "refs/heads/$newHEAD");
--
2.11.4.GIT
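Review bot: The added `^\.` and `\.lock$` alternatives test only the start and end of the whole name, but Git applies both rules to every slash-separated component, so `a/.b` and `a.lock/b` still pass the check, as do `//` and an empty `$newHEAD`. Adding `\/\.|\.lock\/|\/\/` to the alternation would cover the component cases. Since the commit message already cites `git help check-ref-format`, a more durable option is to let Git decide before the `symbolic-ref` call, e.g. `system($Girocco::Config::git_bin, 'check-ref-format', "refs/heads/$newHEAD") == 0 or die "grossly invalid new HEAD";`, keeping the list-form `system` so no shell is involved. The exit status of the existing `symbolic-ref` call is not checked in the visible lines, so a name that slips past the regex and is then refused by Git appears to fail silently; set_HEAD continues outside the hunk, so that may be handled further down. The `die` message also echoes `$newHEAD` verbatim on exactly the path that now fires for control characters, so it is worth confirming the caller escapes that text before logging or displaying it.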