diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-11-07 08:57:52 +0100 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-11-26 20:24:00 +0100 |
| commit | c903985bf7e772e2d08275c1a95c8a55ab011577 (patch) | |
| tree | 485d53e1839ac405ce36fbf210855f8266bb4476 /credential.c | |
| parent | 83b08eb19f05710a92d565124606dcaf68bcc68b (diff) | |
| download | git-c903985bf7e772e2d08275c1a95c8a55ab011577.tar.xz | |
credential_format(): also encode <host>[:<port>]
An upcoming change wants to sanitize the credential password prompt
where a URL is displayed that may potentially come from a `.gitmodules`
file. To this end, the `credential_format()` function is employed.
To sanitize the host name (and optional port) part of the URL, we need a
new mode of the `strbuf_add_percentencode()` function because the
current mode is both too strict and too lenient: too strict because it
encodes `:`, `[` and `]` (which should be left unencoded in
`<host>:<port>` and in IPv6 addresses), and too lenient because it does
not encode invalid host name characters `/`, `_` and `~`.
So let's introduce and use a new mode specifically to encode the host
name and optional port part of a URI, leaving alpha-numerical
characters, periods, colons and brackets alone and encoding all others.
This only leads to a change of behavior for URLs that contain invalid
host names.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'credential.c')
| -rw-r--r-- | credential.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/credential.c b/credential.c index f32011343f..572f1785da 100644 --- a/credential.c +++ b/credential.c @@ -164,7 +164,8 @@ static void credential_format(struct credential *c, struct strbuf *out) strbuf_addch(out, '@'); } if (c->host) - strbuf_addstr(out, c->host); + strbuf_add_percentencode(out, c->host, + STRBUF_ENCODE_HOST_AND_PORT); if (c->path) { strbuf_addch(out, '/'); strbuf_add_percentencode(out, c->path, 0); |