diff options
| author | Junio C Hamano <gitster@pobox.com> | 2016-12-19 14:45:31 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-12-19 14:45:32 -0800 |
| commit | 8a2882f23ecce3a8742743555a408e508d4db806 (patch) | |
| tree | 3e543652bc74d5401d6c3858410ad434ae02451a /t/t5551-http-fetch-smart.sh | |
| parent | 73e494f86239b7edcf44f4c185c997b05c0e763b (diff) | |
| parent | cb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9e (diff) | |
| download | git-8a2882f23ecce3a8742743555a408e508d4db806.tar.gz | |
Merge branch 'jk/http-walker-limit-redirect-2.9'
Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues. Tighten the redirection and make it more obvious
to the end user when it happens.
* jk/http-walker-limit-redirect-2.9:
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect
Diffstat (limited to 't/t5551-http-fetch-smart.sh')
| -rwxr-xr-x | t/t5551-http-fetch-smart.sh | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh index 1ec5b2747a..6e5b9e42fb 100755 --- a/t/t5551-http-fetch-smart.sh +++ b/t/t5551-http-fetch-smart.sh @@ -119,6 +119,10 @@ test_expect_success 'redirects re-root further requests' ' git clone $HTTPD_URL/smart-redir-limited/repo.git repo-redir-limited ' +test_expect_success 're-rooting dies on insane schemes' ' + test_must_fail git clone $HTTPD_URL/insane-redir/repo.git insane +' + test_expect_success 'clone from password-protected repository' ' echo two >expect && set_askpass user@host pass@host && |