]> git.madduck.net Git - code/myrepos.git/commitdiff

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

Allow untrusted mrconfig files to set parameters to true/false
authorJoey Hess <joey@kitenet.net>
Tue, 27 Sep 2011 21:28:07 +0000 (17:28 -0400)
committerJoey Hess <joey@kitenet.net>
Tue, 27 Sep 2011 21:28:07 +0000 (17:28 -0400)
* Allow untrusted mrconfig files to set parameters to true/false.
  So skip=true or deleted=true canbe used in an untrusted mrconfig file.
* Also allow order=N in an untrusted mrconfig file.

debian/changelog
mr

index 68a67c227022fa5e823afa09ced262cbec869840..766b8da3223401c218e82034f1aeb02c1c8d3b56 100644 (file)
@@ -6,6 +6,9 @@ mr (1.05) UNRELEASED; urgency=low
   * README now gives a quick into to using mr.
   * Brought back the "deleted" parameter, which provides an easy way to
     mark repositories that should be removed.
+  * Allow untrusted mrconfig files to set parameters to true/false.
+    So skip=true or deleted=true canbe used in an untrusted mrconfig file.
+  * Also allow order=N in an untrusted mrconfig file.
 
  -- Joey Hess <joeyh@debian.org>  Fri, 05 Aug 2011 13:29:21 -0400
 
diff --git a/mr b/mr
index bd6c2d73d90656a332ec9f12acd6d1d47a1fd036..d5424caa2eed10a3ff23d1fe81d58bf5060b7b25 100755 (executable)
--- a/mr
+++ b/mr
@@ -1184,13 +1184,23 @@ sub loadconfig {
                        }
 
                        if (! $trusted) {
-                               # Untrusted files can only contain checkout
-                               # parameters.
-                               if ($parameter ne 'checkout') {
-                                       trusterror("mr: illegal setting \"$parameter=$value\"", $f, $line, $bootstrap_url);
+                               # Untrusted files can only contain a few
+                               # settings in specific known-safe formats.
+                               if ($parameter eq 'checkout') {
+                                       if (! is_trusted_checkout($value)) {
+                                               trusterror("mr: illegal checkout command \"$value\"", $f, $line, $bootstrap_url);
+                                       }
+                               }
+                               elsif ($parameter eq 'order') {
+                                       # not interpreted as a command, so
+                                       # safe.
                                }
-                               if (! is_trusted_checkout($value)) {
-                                       trusterror("mr: illegal checkout command \"$value\"", $f, $line, $bootstrap_url);
+                               elsif ($value eq 'true' || $value eq 'false') {
+                                       # skip=true , deleted=true etc are
+                                       # safe.
+                               }
+                               else {
+                                       trusterror("mr: illegal setting \"$parameter=$value\"", $f, $line, $bootstrap_url);
                                }
                        }