Diff

Differences From:

File src/add.c part of check-in [c9fdb846fb] - Add the "help" command and the "clean" command. More work is needed on the text for various help messages. by drh on 2007-08-18 02:45:47. [view]

To:

File src/add.c part of check-in [da9d38e2c3] - Fix the "add" command so that it does not allow users to accidentally add files that contain shell wildcard characters. by drh on 2007-10-15 20:45:11. Also file src/add.c part of check-in [d0305b305a] - Merged mainline into my branch to get the newest application. by aku on 2007-12-05 08:07:46. [view]

@@ -51,9 +51,9 @@
     char *zPath;
     Blob pathname;
     int isDir;
 
-    zName = mprintf("%s", g.argv[i]);
+    zName = mprintf("%/", g.argv[i]);
     isDir = file_isdir(zName);
     if( isDir==1 ) continue;
     if( isDir==0 ){
       fossil_fatal("not found: %s", zName);
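Review bot: The `%/` conversion in `zName = mprintf("%/", g.argv[i]);` is not self-explanatory and should carry a comment, for example `/* %/ acts like %s but normalises path separators to '/' */`; the exact wording needs confirming against the mprintf implementation, which is not part of this diff. The same replacement appears in the third hunk (`@@ -101,9 +104,9 @@`), where the same comment applies. Because `file_isdir()` and the later pathname checks all run on the converted name, the comment should also state that they rely on this normalisation. The enclosing loop body starts and ends outside the hunk.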
@@ -64,8 +64,11 @@
     file_tree_name(zName, &pathname);
     zPath = blob_str(&pathname);
     if( strcmp(zPath, "manifest")==0 || strcmp(zPath, "_FOSSIL_")==0 ){
       fossil_fatal("cannot add %s", zPath);
+    }
+    if( !file_is_simple_pathname(zPath) ){
+      fossil_fatal("filename contains illegal characters: %s", zPath);
     }
     if( db_exists("SELECT 1 FROM vfile WHERE pathname=%Q", zPath) ){
       db_multi_exec("UPDATE vfile SET deleted=0 WHERE pathname=%Q", zPath);
     }else{
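Review bot: The new `file_is_simple_pathname(zPath)` test is placed after the reserved-name comparison, so the `strcmp` against `"manifest"` and `"_FOSSIL_"` still runs on a path that has not yet been validated. Moving `if( !file_is_simple_pathname(zPath) ){ ... }` directly after `zPath = blob_str(&pathname);` would let the reserved-name check operate only on names already known to be in simple form. The helper's definition is not visible here, so a short comment listing what it rejects would help readers judge whether the wildcard case from the commit message is covered. If it also rejects control characters, note that `fossil_fatal("filename contains illegal characters: %s", zPath)` writes the rejected bytes to the terminal unmodified.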
@@ -101,9 +104,9 @@
     char *zName;
     char *zPath;
     Blob pathname;
 
-    zName = mprintf("%s", g.argv[i]);
+    zName = mprintf("%/", g.argv[i]);
     file_tree_name(zName, &pathname);
     zPath = blob_str(&pathname);
     if( !db_exists(
              "SELECT 1 FROM vfile WHERE pathname=%Q AND NOT deleted", zPath) ){