On Wed, Jun 25, 2025, at 15:57, Phillip Wood wrote:

On 25/06/2025 09:53, Kristoffer Haugsbakk wrote:

quoted

On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:

quoted

Hi,

Our customer has found a possible issue when switching branches.
Output redirection character `>` is not escaped properly when
switching/checking out to different branch.

Steps to reproduce:
1. Create a new branch and switch back to master

$ git switch -C 'issue#1234>/tmp/dangerfile'
Switched to a new branch 'issue#1234>/tmp/dangerfile'
$ git switch master

It’s too bad that git-check-ref-format(1) does not disallow `>`.

It also allows `<`, `$`, `&`, `;`, `(`, `)`, `#`, `"`, `'`, '`' and `|`. 
Our ref format is not designed for them to be used unquoted in the 
shell. I think the problem here is with our completion script not 
quoting the refname, not the format.

On Wed, Jun 25, 2025, at 18:38, Junio C Hamano wrote:

"Kristoffer Haugsbakk" [off-list ref] writes:

quoted

On Tue, Jun 24, 2025, at 14:59, Ondrej Pohorelsky wrote:

quoted

Hi,

Our customer has found a possible issue when switching branches.
Output redirection character `>` is not escaped properly when
switching/checking out to different branch.

Steps to reproduce:
1. Create a new branch and switch back to master

$ git switch -C 'issue#1234>/tmp/dangerfile'
Switched to a new branch 'issue#1234>/tmp/dangerfile'
$ git switch master

It’s too bad that git-check-ref-format(1) does not disallow `>`.

Is it?  It looks like an outright bug in the completion code,
nothing more, to me.

That was an aside.