author | dylan.araps@gmail.com <dylan.araps@gmail.com> | 2019-10-01 19:48:30 +0000 |
---|---|---|
committer | dylan.araps@gmail.com <dylan.araps@gmail.com> | 2019-10-01 19:48:30 +0000 |
commit | c722d09429763fac48c9e84dd037f2576da985bd (patch) | |
tree | f80dcb8605374799cb2e9e13f4ca53175e68a9f3 | |
parent | 695324c57c66d55cb5caeb4eb4a3c2895fce18b1 (diff) | |
download | cpt-c722d09429763fac48c9e84dd037f2576da985bd.tar.gz |
kiss: more relaxed sanitization as per POSIX globbing spec.
FossilOrigin-Name: 33ed6d93f3e9f757af1c88c985fd88d39ee37cec63bc6a4e1b0960f2479effd7
-rwxr-xr-x | kiss | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -858,9 +858,12 @@ args() { # Unless this is a search, sanitize the user's input. The call to # 'pkg_find()' supports basic globbing, ensure input doesn't expand # to anything except for when this behavior is needed. + # + # This handles the globbing characters '*', '!', '[' and ']' as per: + # https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html [ "$action" != search ] && [ "$action" != s ] && case $* in - *[!a-zA-Z0-9_-]*) + *'*'*|*'!'*|*'['*|*']'*) log kiss "$action $*" die "Arguments contain invalid characters" ;; |
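Review bot: The new case pattern `*'*'*|*'!'*|*'['*|*']'*` does not reject `?`, which the pattern matching section (2.13) of the linked POSIX page lists together with `*` and `[` as a special pattern character. An argument containing `?` therefore passes this check and can still expand wherever `pkg_find()` globs. Suggest adding `*'?'*` to the alternatives and naming `?` in the new comment. Two smaller points on the same lines: `!` and `]` are only special inside a bracket expression, which already requires a `[`, so those two alternatives add nothing beyond the `*'['*` case. And because this replaces the allowlist `*[!a-zA-Z0-9_-]*` with a denylist, everything else the old pattern rejected (for example `/`, `.` and whitespace) is now accepted for every non-search action; the hunk does not show how `pkg_find()` treats such input, so the comment should state why those characters are safe to pass through.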