Revision a52ed76142f6e8d993bb4c50938a408966eb2b7c authored by Jeff King on 29 August 2019, 19:08:42 UTC, committed by Johannes Schindelin on 04 December 2019, 12:20:04 UTC
As with export-marks in the previous commit, import-marks can access the filesystem. This is significantly less dangerous than export-marks because it only involves reading from arbitrary paths, rather than writing them. However, it could still be surprising and have security implications (e.g., exfiltrating data from a service that accepts fast-import streams). Let's lump it (and its "if-exists" counterpart) in with export-marks, and enable the in-stream version only if --allow-unsafe-features is set. Signed-off-by: Jeff King <peff@peff.net>
1 parent 68061e3
File | Mode | Size |
---|---|---|
Git | ||
.gitignore | -rw-r--r-- | 79 bytes |
Git.pm | -rw-r--r-- | 47.8 KB |
Makefile | -rw-r--r-- | 2.2 KB |
Makefile.PL | -rw-r--r-- | 1.6 KB |
private-Error.pm | -rw-r--r-- | 18.6 KB |
Computing file changes ...