Commit 3da1f37d authored by Michael Haggerty's avatar Michael Haggerty

ref_transaction_update(): check refname_is_safe() at a minimum

If the user has asked that a new value be set for a reference, we use
check_refname_format() to verify that the reference name satisfies all
of the rules. But in other cases, at least check that refname_is_safe().
Signed-off-by: default avatarMichael Haggerty <[email protected]>
parent e76e0d41
...@@ -805,8 +805,9 @@ int ref_transaction_update(struct ref_transaction *transaction, ...@@ -805,8 +805,9 @@ int ref_transaction_update(struct ref_transaction *transaction,
{ {
assert(err); assert(err);
if (new_sha1 && !is_null_sha1(new_sha1) && if ((new_sha1 && !is_null_sha1(new_sha1)) ?
check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) { check_refname_format(refname, REFNAME_ALLOW_ONELEVEL) :
!refname_is_safe(refname)) {
strbuf_addf(err, "refusing to update ref with bad name '%s'", strbuf_addf(err, "refusing to update ref with bad name '%s'",
refname); refname);
return -1; return -1;
......
...@@ -23,7 +23,7 @@ test_expect_success setup ' ...@@ -23,7 +23,7 @@ test_expect_success setup '
m=refs/heads/master m=refs/heads/master
n_dir=refs/heads/gu n_dir=refs/heads/gu
n=$n_dir/fixes n=$n_dir/fixes
outside=foo outside=refs/foo
test_expect_success \ test_expect_success \
"create $m" \ "create $m" \
......
...@@ -285,7 +285,7 @@ test_expect_success 'update-ref -d cannot delete non-ref in .git dir' ' ...@@ -285,7 +285,7 @@ test_expect_success 'update-ref -d cannot delete non-ref in .git dir' '
echo precious >expect && echo precious >expect &&
test_must_fail git update-ref -d my-private-file >output 2>error && test_must_fail git update-ref -d my-private-file >output 2>error &&
test_must_be_empty output && test_must_be_empty output &&
test_i18ngrep -e "cannot lock .*: unable to resolve reference" error && test_i18ngrep -e "refusing to update ref with bad name" error &&
test_cmp expect .git/my-private-file test_cmp expect .git/my-private-file
' '
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment