On 25/06/2025 09:53, Kristoffer Haugsbakk wrote:
On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:
Hi,
Our customer has found a possible issue when switching branches.
Output redirection character `>` is not escaped properly when
switching/checking out to different branch.
Steps to reproduce:
1. Create a new branch and switch back to master
```
$ git switch -C 'issue#1234>/tmp/dangerfile'
Switched to a new branch 'issue#1234>/tmp/dangerfile'
$ git switch master
```
It’s too bad that git-check-ref-format(1) does not disallow `>`.
It also allows `<`, `$`, `&`, `;`, `(`, `)`, `#`, `"`, `'`, '`' and `|`.
Our ref format is not designed for them to be used unquoted in the
shell. I think the problem here is with our completion script not
quoting the refname, not the format.
Best Wishes
Phillip
It would be nice to have an opt-in extension to the ref format check
which disallows `>`.
