Allow untrusted mrconfig files to set parameters to true/false

[code/myrepos.git] / mr

diff --git a/mr b/mr
index bd6c2d73d90656a332ec9f12acd6d1d47a1fd036..d5424caa2eed10a3ff23d1fe81d58bf5060b7b25 100755 (executable)
--- a/mr
+++ b/mr
@@ -1184,13 +1184,23 @@ sub loadconfig {
                        }
 
                        if (! $trusted) {
-                               # Untrusted files can only contain checkout
-                               # parameters.
-                               if ($parameter ne 'checkout') {
-                                       trusterror("mr: illegal setting \"$parameter=$value\"", $f, $line, $bootstrap_url);
+                               # Untrusted files can only contain a few
+                               # settings in specific known-safe formats.
+                               if ($parameter eq 'checkout') {
+                                       if (! is_trusted_checkout($value)) {
+                                               trusterror("mr: illegal checkout command \"$value\"", $f, $line, $bootstrap_url);
+                                       }
+                               }
+                               elsif ($parameter eq 'order') {
+                                       # not interpreted as a command, so
+                                       # safe.
                                }
-                               if (! is_trusted_checkout($value)) {
-                                       trusterror("mr: illegal checkout command \"$value\"", $f, $line, $bootstrap_url);
+                               elsif ($value eq 'true' || $value eq 'false') {
+                                       # skip=true , deleted=true etc are
+                                       # safe.
+                               }
+                               else {
+                                       trusterror("mr: illegal setting \"$parameter=$value\"", $f, $line, $bootstrap_url);
                                }
                        }