git-commit-vandalism/contrib/completion
Christian Couder e693237e2b list-objects-filter: disable 'sparse:path' filters
If someone wants to use as a filter a sparse file that is in the
repository, something like "--filter=sparse:oid=<ref>:<path>"
already works.

So 'sparse:path' is only interesting if the sparse file is not in
the repository. In this case though the current implementation has
a big security issue, as it makes it possible to ask the server to
read any file, like for example /etc/password, and to explore the
filesystem, as well as individual lines of files.

If someone is interested in using a sparse file that is not in the
repository as a filter, then at the minimum a config option, such
as "uploadpack.sparsePathFilter", should be implemented first to
restrict the directory from which the files specified by
'sparse:path' can be read.

For now though, let's just disable 'sparse:path' filters.

Helped-by: Matthew DeVore <matvore@google.com>
Helped-by: Jeff Hostetler <git@jeffhostetler.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-05-29 11:05:34 -07:00
..
.gitattributes completion: mark bash script as LF-only 2017-05-10 13:32:51 +09:00
git-completion.bash list-objects-filter: disable 'sparse:path' filters 2019-05-29 11:05:34 -07:00
git-completion.tcsh
git-completion.zsh zsh: complete unquoted paths with spaces correctly 2019-01-03 11:48:13 -08:00
git-prompt.sh git-prompt: fix reading files with windows line endings 2017-12-06 10:08:13 -08:00