mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-18 19:40:55 +01:00
a7921a4448
Summary: Ref T13012. These flags can be exploited by attackers to execute code remotely. See T13012 for discussion and context. Additionally, harden some Mercurial commands where possible (by using additional quoting or embedding arguments in other constructs) so they resist these flags and behave properly when passed arguments with these values. Test Plan: - Added unit tests. - Verified "--config" and "--debugger" commands are rejected. - Verified more commands now work properly even with branches and files named `--debugger`, although not all of them do. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13012 Differential Revision: https://secure.phabricator.com/D18769 |
||
---|---|---|
.. | ||
__tests__ | ||
DiffusionCommandEngine.php | ||
DiffusionGitCommandEngine.php | ||
DiffusionMercurialCommandEngine.php | ||
DiffusionMercurialWireProtocol.php | ||
DiffusionRepositoryClusterEngine.php | ||
DiffusionRepositoryClusterEngineLogInterface.php | ||
DiffusionSubversionCommandEngine.php | ||
DiffusionSubversionWireProtocol.php |