diff options
author | Dave Reisner <dreisner@archlinux.org> | 2013-07-30 15:24:48 -0400 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2013-08-08 21:28:10 +0200 |
commit | be3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6 (patch) | |
tree | a5907bf32ccf54914ede5a355ea91137c760570e /archrelease.in | |
parent | fb30cabe61862f640f0e99f214dc2777a8ec1b35 (diff) | |
download | devtools32-be3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6.tar.xz |
avoid injecting code into the format string
Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Diffstat (limited to 'archrelease.in')
-rw-r--r-- | archrelease.in | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/archrelease.in b/archrelease.in index 2e742c2..6f52dbc 100644 --- a/archrelease.in +++ b/archrelease.in @@ -8,8 +8,8 @@ FORCE= while getopts ':f' flag; do case $flag in f) FORCE=1 ;; - :) die "Option requires an argument -- '$OPTARG'" ;; - \?) die "Invalid option -- '$OPTARG'" ;; + :) die "Option requires an argument -- '%s'" "$OPTARG" ;; + \?) die "Invalid option -- '%s'" "$OPTARG" ;; esac done shift $(( OPTIND - 1 )) @@ -23,7 +23,7 @@ fi if [[ -z $FORCE ]]; then for tag in "$@"; do if ! in_array "$tag" "${_tags[@]}"; then - die 'archrelease: Invalid tag: "'$tag'" (use -f to force release)' + die "archrelease: Invalid tag: '%s' (use -f to force release)" "$tag" fi done fi |