Closed kosak closed 9 years ago
I wonder if the path checking is too strict. For example zzz~1.zzz is now invalid
Yes, correct. zzz~1.zzz
can conflict with a short name. For example, if you already have a file (possibly untracked) of the name zzz.is-a-long-name.zzz
, its short name will be zzz~1.zzz
and it could be overwritten by a pull if we allowed such names.
Therefore, 1.9.5 indeed fixes a bug.
If you need to work with such files that possibly damage your collaborators working directories, you will have to ask them to set the config variable core.protectNTFS
to false
, but you will also have to explain to them that they open their working directories to serious problems.
I notice in Git-1.9.5-preview20141217 that some previously-allowed paths are considered invalid.
I suppose this is due to CVE-2014-9390, but I wonder if the path checking is too strict. For example zzz~1.zzz is now invalid:
I've confirmed the above works without error in Git-1.9.4-preview20140815 I'm not certain this is a bug; I don't really know the total scope of the change... but I was assuming it was limited to paths that look too much like ".git"