aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordylan.araps@gmail.com <dylan.araps@gmail.com>2019-10-01 19:48:30 +0000
committerdylan.araps@gmail.com <dylan.araps@gmail.com>2019-10-01 19:48:30 +0000
commitc722d09429763fac48c9e84dd037f2576da985bd (patch)
treef80dcb8605374799cb2e9e13f4ca53175e68a9f3
parent695324c57c66d55cb5caeb4eb4a3c2895fce18b1 (diff)
downloadcpt-c722d09429763fac48c9e84dd037f2576da985bd.tar.gz
kiss: more relaxed sanitization as per POSIX globbing spec.
FossilOrigin-Name: 33ed6d93f3e9f757af1c88c985fd88d39ee37cec63bc6a4e1b0960f2479effd7
-rwxr-xr-xkiss5
1 files changed, 4 insertions, 1 deletions
diff --git a/kiss b/kiss
index a05a46a..88a758f 100755
--- a/kiss
+++ b/kiss
@@ -858,9 +858,12 @@ args() {
# Unless this is a search, sanitize the user's input. The call to
# 'pkg_find()' supports basic globbing, ensure input doesn't expand
# to anything except for when this behavior is needed.
+ #
+ # This handles the globbing characters '*', '!', '[' and ']' as per:
+ # https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html
[ "$action" != search ] && [ "$action" != s ] &&
case $* in
- *[!a-zA-Z0-9_-]*)
+ *'*'*|*'!'*|*'['*|*']'*)
log kiss "$action $*"
die "Arguments contain invalid characters"
;;