kiss: more relaxed sanitization as per POSIX globbing spec.

2019-10-01 22:48:30 +03:00 · 2019-10-01 22:48:30 +03:00 · bae681f84f
commit bae681f84f
parent 718b774f3c
1 changed files with 4 additions and 1 deletions
--- a/5
+++ b/5
@ -858,9 +858,12 @@ args() {
    # Unless this is a search, sanitize the user's input. The call to
    # 'pkg_find()' supports basic globbing, ensure input doesn't expand
    # to anything except for when this behavior is needed.
+    #
+    # This handles the globbing characters '*', '!', '[' and ']' as per:
+    # https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html
    [ "$action" != search ] && [ "$action" != s ] &&
        case $* in
-            *[!a-zA-Z0-9_-]*)
+            *'*'*|*'!'*|*'['*|*']'*)
                log kiss "$action $*"
                die "Arguments contain invalid characters"
            ;;