Browse Source
The Config class must be safe to run against untrusted input files. Reading arbitrary local system paths using include.path is risky for servers, including Gerrit Code Review. Return null by default to incide the include should be ignored. Only FileBasedConfig which originated from local disk should be trying to read local system paths. FileBasedConfig already overrides this method with its own implementation. Change-Id: I2ff31753868aa1bbac4a6843a4c23e50bd6f46f3stable-4.10
Shawn Pearce
7 years ago
2 changed files with 4 additions and 33 deletions
Loading…
Reference in new issue