Mercurial Mercurial > mercurial / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-subrepo-svn.t
branchstable
changeset 33644 943c91326b23
parent 33641 173ecccb9ee7 
--- a/tests/test-subrepo-svn.t	Fri Aug 04 23:54:12 2017 -0700
+++ b/tests/test-subrepo-svn.t	Mon Aug 07 22:22:28 2017 +0900
@@ -668,30 +668,6 @@
   abort: potentially unsafe url: 'svn+ssh://-oProxyCommand=touch owned nested' (in subrepo s)
   [255]
 
-also check for a pipe
-
-  $ cd ssh-vuln
-  $ echo "s = [svn]svn+ssh://fakehost|sh%20nested" > .hgsub
-  $ hg ci -m3
-  $ cd ..
-  $ rm -r ssh-vuln-clone
-  $ hg clone ssh-vuln ssh-vuln-clone
-  updating to branch default
-  abort: potentially unsafe url: 'svn+ssh://fakehost|sh nested' (in subrepo s)
-  [255]
-
-also check that a percent encoded '|' (%7C) doesn't work
-
-  $ cd ssh-vuln
-  $ echo "s = [svn]svn+ssh://fakehost%7Csh%20nested" > .hgsub
-  $ hg ci -m3
-  $ cd ..
-  $ rm -r ssh-vuln-clone
-  $ hg clone ssh-vuln ssh-vuln-clone
-  updating to branch default
-  abort: potentially unsafe url: 'svn+ssh://fakehost|sh nested' (in subrepo s)
-  [255]
-
 also check that hiding the attack in the username doesn't work:
 
   $ cd ssh-vuln
mercurial