mirror of
https://we.phorge.it/source/arcanist.git
synced 2024-12-23 14:00:55 +01:00
No description
0e35dc64a9
Summary: On Windows, the PHP function escapeshellarg() replaces '%' with ' ' (space). This is apparently because there is no safe way to escape % inside of strings. cmd.exe does use "^" as an escape character, so I think replacing "xyz" with "^x^y^z" might work for arbitrary strings (maybe?), or at least some subset of strings, but I don't know cmd.exe well enough to make that call without being concerned I'm introducing a security issue. Although this patch is dumb, it's certinaly safe, and can only do something wrong if the user has environmental variables like H, P, T, or x01, in which case they're sort of asking for it. cmd.exe also truncates output on \0, so use \1 as a delimiter instead. Seriously it's like this thing was written in 1982 and never ever changed. Test Plan: Created D1783 successfully after applying this patch. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T124 Differential Revision: https://secure.phabricator.com/D1785 |
||
---|---|---|
bin | ||
externals | ||
resources | ||
scripts | ||
src | ||
.arcconfig | ||
.divinerconfig | ||
.gitignore | ||
LICENSE | ||
README |
WHAT IS ARCANIST? Arcanist is the command-line tool for Phabricator. It allows you to interact with Phabricator installs to send code for review, download patches, transfer files, view status, make API calls, and various other things. You can find a complete user guide here: http://www.phabricator.com/docs/phabricator/article/Arcanist_User_Guide.html For more information about Phabricator, see: http://phabricator.org/