Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing command line arguments correctly by string slice #21168

Merged
merged 1 commit into from
Sep 14, 2022
Merged

Passing command line arguments correctly by string slice #21168

merged 1 commit into from
Sep 14, 2022

Conversation

wxiaoguang
Copy link
Contributor

Using append(args, strings.Fields(arg)...) is dangerous, it may generate incorrect results.

For example: arg1 "the dangerous" will be splitted to 3 arguments: arg1, "the, dangerous". In some cases the incorrect arguments may lead to security problems.

@wxiaoguang wxiaoguang mentioned this pull request Sep 14, 2022
Merged
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Sep 14, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 14, 2022
@6543 6543 merged commit 0ba2f53 into go-gitea:main Sep 14, 2022
@6543 6543 added topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Sep 14, 2022
@6543 6543 added this to the 1.18.0 milestone Sep 14, 2022
@wxiaoguang wxiaoguang deleted the fix-git-args branch September 14, 2022 15:53
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 15, 2022
@zjjhot
Merge remote-tracking branch 'upstream/main'
46e0597 
* upstream/main:
  Display image digest for container packages (go-gitea#21170)
  Use correct branch for .editorconfig error (go-gitea#21152)
  Passing command line arguments correctly by string slice (go-gitea#21168)
  Sort branches and tags by date descending (go-gitea#21136)
  Skip dirty check for team forms (go-gitea#21154)
  Add KaTeX rendering to Markdown. (go-gitea#20571)
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@6543 6543 6543 approved these changes

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@wxiaoguang @6543 @delvh @GiteaBot