From: Stefan Sperling <stsp@stsp.name>
Subject: Re: dial fix for git-shell
To: Omar Polo <op@omarpolo.com>
Cc: gameoftrees@openbsd.org
Date: Wed, 8 Mar 2023 16:54:57 +0100

On Wed, Mar 08, 2023 at 04:01:20PM +0100, Omar Polo wrote:
> do we really need to quote all these characters?  Since we're wrapping
> everything in _single_ quotes I thought we only needed to quote \ and
> the single quote itself.

I don't know. Are there rules in POSIX we can refer to?

I took the quoting rules from /usr/bin/locale. 
I presume it makes it safe to run `eval` on locale's output (though
I'd have to ask guenther@ for specifics). In any case, given that
the remote server might be spawning a regular unix shell I think it
makes sense to quote this argument by default, such that a bad path
argument accidentally produced by some script will not cause problems.
(Disregarding people trying to play jokes by removing this safe-guard
and sending garbage on purpose, then it becomes a server-side problem).

In case of gotsh/gotd we don't care, and we also don't really care
whether any of these characters work in a gotd.conf repository path.
Some of them probably won't ever work because of parse.y limitations?

One problem could be that someone out there is using some characters in
a path (perhaps ~ could appear somewhere) and someone else wants to use
'got clone' with the resulting URL. In that case they can always use Git as
a workaround, or we can adjust our quoting as such problems get uncovered.
Should we provide an option to turn the quoting off, just in case?

> Then I took a look at git: in quote.c:sq_quote_buf quotes ' and !
> which I find admittedly confusing.  It is the function used in
> connect.c:git_connect to prepare the ssh connection.

No idea.
Even just the single-quote requirement of git-shell is silly to begin with.
git-shell should be doing its own escaping, assuming arbitrary input, not
require the input to be already quoted somehow.
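
The single-quote rule discussed in this thread, as an added example that is not part of the original message and is not code from got or git: in the POSIX shell every character between single quotes is literal, so only the single quote itself needs handling, and the optional second mode also emits ! as '\!' in the way the thread says git's sq_quote_buf does. The names sq_quote and roundtrip_ok and the sample path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; sq_quote and roundtrip_ok are hypothetical helper names.

# Print $1 wrapped in single quotes. Inside '...' the POSIX shell treats
# every character literally, so only ' needs handling: close the quotes,
# emit \' and reopen them ('\''). With $2 = git, ! is written as '\!' too.
# The body runs in a subshell, so its variables and LC_ALL stay local.
sq_quote() (
    LC_ALL=C                      # walk the string byte by byte
    s=$1 mode=${2:-posix} out="'"
    while [ -n "$s" ]; do
        rest=${s#?}               # everything after the first character
        c=${s%"$rest"}            # the first character
        case $c in
            "'") out="$out'\\''" ;;
            '!') if [ "$mode" = git ]; then out="$out'\\!'"; else out=$out'!'; fi ;;
            *)   out="$out$c" ;;
        esac
        s=$rest
    done
    printf '%s\n' "$out'"
)

# Feed the quoted word back through the shell parser and check that the
# original string comes out unchanged and nothing in it was executed.
roundtrip_ok() (
    orig=$1
    eval "back=$(sq_quote "$orig" "${2:-posix}")"
    [ "$back" = "$orig" ]
)

# Constructed sample path full of shell metacharacters (not from the thread).
IFS= read -r sample <<'EOF'
/srv/it's $(id) `id` ~ ! ; & | \ *.git
EOF

sq_quote "$sample"        # POSIX-minimal form
sq_quote "$sample" git    # form that also escapes !
```
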