Commit 5237f51
committed
refs: check refnames as fully qualified when writing
When a ref update is queued via ref_transaction_update(), we call
check_refname_format() to make sure the name is acceptable. We pass
REFNAME_ALLOW_ONELEVEL, which allows pseudorefs like MERGE_HEAD. But
that's not enough to forbid names outside of refs/ like "foo/bar" or
even scary stuff like "config" (though fortunately I think that should
never work because we cannot resolve "config" to read the old value).
Let's instead pass REFNAME_FULLY_QUALIFIED, which tells the checking
function that we really do have a full refname, and it can enforce
it as such.
This means that "git update-ref foo/bar HEAD" will now be rejected. Note
that _deleting_ such a ref is already forbidden (and there is a test in
t1430 for that already), due to some confusing differences between
check_refname_format() and refname_is_safe(). See the previous commit
for more details. And that case is already tested via t1430's
"update-ref -d cannot delete non-ref in .git dir" test, so we only need
to add tests for our newly-changed behavior.
Signed-off-by: Jeff King <peff@peff.net>1 parent 4e15bbe commit 5237f51
2 files changed
+11
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1348 | 1348 | | |
1349 | 1349 | | |
1350 | 1350 | | |
1351 | | - | |
| 1351 | + | |
1352 | 1352 | | |
1353 | 1353 | | |
1354 | 1354 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
389 | 389 | | |
390 | 390 | | |
391 | 391 | | |
| 392 | + | |
| 393 | + | |
| 394 | + | |
| 395 | + | |
| 396 | + | |
| 397 | + | |
| 398 | + | |
| 399 | + | |
| 400 | + | |
| 401 | + | |
392 | 402 | | |
0 commit comments