[Buildbot-devel] Branch name restrictions

Mark Pauley mpauley at apple.com
Tue Jun 19 20:23:56 UTC 2007


Ah yeah, sorry I suppose it would make more sense that they are just  
loaded into an argv and the command run from that.
That was just the first issue that came to mind :)

_Mark

On Jun 19, 2007, at 11:47 AM, Jean-Paul Calderone wrote:

> On Tue, 19 Jun 2007 11:32:56 -0700, Mark Pauley <mpauley at apple.com>  
> wrote:
>> I would say that we should definitely at the very least block quote
>> characters (or escape them) to prevent web-build based exploits.
>> Those build-names are passed as args to forked commands.
>
> They shouldn't be passed through a shell.  I don't know that they
> /aren't/, but there's no need for them to be.
>
> Jean-Paul
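
The two options raised in this thread (escaping quote characters, or loading the branch name into an argv and never involving a shell), shown side by side. This is an added example, not part of the original messages and not Buildbot code; the branch name, the `--branch` flag and the helper names are constructed for illustration, and the shell cases assume a POSIX /bin/sh.

```python
import json
import shlex
import subprocess
import sys

# Child process that reports the arguments it received, as JSON.
CHILD_CODE = "import json,sys; print(json.dumps(sys.argv[1:]))"

# Constructed branch name with a quote character and shell syntax after it.
BRANCH = 'trunk"; echo INJECTED #'


def _run(cmd, shell):
    """Run cmd; return (argv the child saw, any extra output lines)."""
    proc = subprocess.run(cmd, shell=shell, capture_output=True, text=True)
    lines = proc.stdout.splitlines()
    return json.loads(lines[0]), lines[1:]


def via_argv(branch):
    """No shell: the branch name is one element of the argv list."""
    return _run([sys.executable, "-c", CHILD_CODE, "--branch", branch], False)


def via_shell_string(branch):
    """Weak form: the branch is pasted into a string that /bin/sh parses."""
    cmd = '"%s" -c "%s" --branch "%s"' % (sys.executable, CHILD_CODE, branch)
    return _run(cmd, True)


def via_shell_quoted(branch):
    """If a shell cannot be avoided, quote every word with shlex.quote."""
    words = [sys.executable, "-c", CHILD_CODE, "--branch", branch]
    return _run(" ".join(shlex.quote(w) for w in words), True)


if __name__ == "__main__":
    for fn in (via_argv, via_shell_string, via_shell_quoted):
        print(fn.__name__, fn(BRANCH))
```

Only the unquoted shell string lets the branch name end the argument early and run a second command; the argv form delivers it to the child byte for byte without any escaping step.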
