Commit bcc74d8
committed
refs: check refnames as fully qualified when writing
When a ref update is queued via ref_transaction_update(), we call
check_refname_format() to make sure the name is acceptable. We pass
REFNAME_ALLOW_ONELEVEL, which allows pseudorefs like MERGE_HEAD. But
that's not enough to forbid names outside of refs/ like "foo/bar" or
even scary stuff like "config" (though fortunately I think that should
never work because we cannot resolve "config" to read the old value).
Let's instead pass REFNAME_FULLY_QUALIFIED, which tells the checking
function that we really do have a full refname, and it can enforce
it as such.
This means that "git update-ref foo/bar HEAD" will now be rejected. Note
that _deleting_ such a ref is already forbidden (and there is a test in
t1430 for that already), due to some confusing differences between
check_refname_format() and refname_is_safe(). See the previous commit
for more details. And that case is already tested via t1430's
"update-ref -d cannot delete non-ref in .git dir" test, so we only need
to add tests for our newly-changed behavior.
Signed-off-by: Jeff King <peff@peff.net>1 parent 8efe3d6 commit bcc74d8
2 files changed
Lines changed: 11 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1381 | 1381 | | |
1382 | 1382 | | |
1383 | 1383 | | |
1384 | | - | |
| 1384 | + | |
1385 | 1385 | | |
1386 | 1386 | | |
1387 | 1387 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
389 | 389 | | |
390 | 390 | | |
391 | 391 | | |
| 392 | + | |
| 393 | + | |
| 394 | + | |
| 395 | + | |
| 396 | + | |
| 397 | + | |
| 398 | + | |
| 399 | + | |
| 400 | + | |
| 401 | + | |
392 | 402 | | |
0 commit comments