Open cirosantilli opened 9 years ago
They've replied (but I don't know who: it only says "GitHub Staff" this time).
OK, after https://github.com/blog/1938-vulnerability-announced-update-your-git-clients Git will blacklist uppercase .GIT
from being tracked, so allowing .GIT
is out. I though it was going to get fixed by just not checking things out.
Next, they've already improved the UI validation, but it is still different from lowercase .git
:
.git/
disappears on the fly via Js like before..GIT/
gives an in page error error: "That path contains a malformed path component. Please choose a different path and try again.". It's already better since you don't go to a dead end page, but could be more uniform.Yeah, .GIT
is a bad citizen in the cross-platform Git community, so I'm all in favor of blacklisting it (especially since that's what the mainline client does now by default). Agreed that GitHub should unify their solutions, though (not allowing the commit from the editor in realtime, the same way as .git
).
Out of curiosity, if you bypass the .git
prevention JS to post a file creation, does it give you the same error as .GIT
currently does?
Either:
on web UI blob create / rename, validate it nicely like for the lowercase
.git
.If you try to create a file named
.git
file from the web editor, it automatically removes that path component / deactivates the commit button.But if you use
.GIT
with upper case the creation fails less gracefully.allow uppercase
.GIT
. I think this is the best possibility.It is currently blocked on push and API.
Git itself allows it, so it is an unnecessary restriction.
GitHub can already currently deal with case sensitive files, e.g.: https://github.com/cirosantilli/test/blob/54203288c929edca978088d51b55b6b5ac0b3eca/CASE and https://github.com/cirosantilli/test/blob/54203288c929edca978088d51b55b6b5ac0b3eca/case
GitLab allows it: https://gitlab.com/cirosantilli/test-GIT/tree/master