Tighten up XDG base directory path handling - catgirl

diff options

author	June McEnroe <june@causal.agency>	2021-01-26 15:39:13 -0500
committer	June McEnroe <june@causal.agency>	2021-01-26 15:51:40 -0500
commit	e89e6dda99fbc3d0d952da5692014326f8cf7a74 (patch)
tree	276955f47f690eccda6956fd6bd928300c4e4698 /scripts
parent	Expand the opening paragraph of the manual (diff)
download	catgirl-e89e6dda99fbc3d0d952da5692014326f8cf7a74.tar.gz catgirl-e89e6dda99fbc3d0d952da5692014326f8cf7a74.zip

Tighten up XDG base directory path handling

Don't search base directories if path starts with "/", "./" or
"../", but still do if the path simply starts with ".". Bail early
if HOME is needed but unset. Don't attempt to open the original
path in configOpen and dataOpen.

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions

intf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-log: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-log: ban strcpy()Christian Hesse Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11parsing: ban sprintf()Christian Hesse Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11parsing: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-08-28filters: generate anchor links from markdownChristian Hesse This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com> 2018-08-03Bump version.Jason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2018-08-03clone: fix directory traversalJason A. Donenfeld This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com> 2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev


context:
space:
mode: