Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: I've caught up on pending commits; how about you?

X-seq: zsh-workers 48870
From: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
To: zsh-workers@xxxxxxx
Subject: Re: I've caught up on pending commits; how about you?
Date: Tue, 18 May 2021 00:31:10 +0000
Archived-at: <https://zsh.org/workers/48870>
In-reply-to: <CAH+w=7ZCz5z2ecNzmp-=J3ENWgTJQ_=S+UquiNWfLwFKi+D0qA@mail.gmail.com>
List-id: <zsh-workers.zsh.org>
References: <CAH+w=7bHwhx+342257Gfq=8FhquomwY5LFNCtG4XEjos1J4mZA@mail.gmail.com> <88f30242-af89-433c-b763-4a15b72a498b@www.fastmail.com> <CAH+w=7ZCz5z2ecNzmp-=J3ENWgTJQ_=S+UquiNWfLwFKi+D0qA@mail.gmail.com>

Bart Schaefer wrote on Sat, May 15, 2021 at 17:40:28 -0700:
> On Sat, May 15, 2021 at 4:22 PM Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > And there's the ctags patch that has been committed with some review
> > points outstanding.  A glance at _ctags in master shows that external
> > command output is passed to _values' «spec» arguments unsanitized.
> 
> I don't have access to the ctags variant that supports
> --list-languages, but I presume you're referring to
> 
>   _values -s , languages $languages

Yes.

> The value of $languages comes from _ctags_languages which produces
> only strings matching the sed pattern
> [A-Za-z][A-Za-z0-9#_+]*
> 
> What additional sanitation do you feel is needed?  This was done in
> response to your previous criticism of this point.

None, sorry, this seems fine.  I'd missed the sed, sorry.

> As far as I can tell the only un-address review points are from
> Oliver's workers/48296

Thanks.

Daniel

References:
- I've caught up on pending commits; how about you?
  - From: Bart Schaefer
- Re: I've caught up on pending commits; how about you?
  - From: Daniel Shahaf
- Re: I've caught up on pending commits; how about you?
  - From: Bart Schaefer

Messages sorted by: Reverse Date, Date, Thread, Author