mirror of https://git.zx2c4.com/cgit/
syntax-highlighting.sh: Fix command injection.
By not quoting the argument, an attacker with the ability to add files to the repository could pass arbitrary arguments to the highlight command, in particular, the --plug-in argument which can lead to arbitrary command execution. This patch adds simple argument quoting.
parent 37141051ed
commit 7ea35f9f8e
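The word splitting the commit message describes, shown as an added example that is not part of this commit or of cgit's script: `inspect_args` is a hypothetical stand-in for the highlighter command, the sample value is constructed, and the `is_plain_ext` allow-list check goes one step beyond the quoting the patch adds.

```shell
#!/bin/sh
# Added illustration, not cgit code. inspect_args is a hypothetical stand-in
# for the external command a filter script would run.

# Report "<argument count>:<count of arguments that look like options>".
inspect_args() {
    opts=0
    for a in "$@"; do
        case "$a" in
            -*) opts=$((opts + 1)) ;;
        esac
    done
    echo "$#:$opts"
}

# Before: unquoted expansion. The shell splits the value on whitespace
# (and glob-expands it), so one value can become several arguments.
call_unquoted() {
    # shellcheck disable=SC2086
    inspect_args -S $1
}

# After: quoted expansion. The value always reaches the command as exactly
# one argument, here the operand of -S.
call_quoted() {
    inspect_args -S "$1"
}

# Assumption beyond the patch: additionally accept only plain alphanumeric
# values before handing them to the command at all.
is_plain_ext() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# Constructed sample value, as if derived from a file name in the repository.
value='txt --constructed-option=value'

echo "unquoted: $(call_unquoted "$value")"   # extra option argument appears
echo "quoted:   $(call_quoted "$value")"     # single operand, no extra option
if is_plain_ext "$value"; then echo "accepted"; else echo "rejected"; fi
```

The `-S` flag itself accounts for one option in both counts, so any higher number in the unquoted case is an argument the file name contributed.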