Auto-escape '&' and '$' in 'org' mode fields - Other minor tweaks #590
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Auto-escape '&' ampersand explanation: 'easyrsa' uses 'sed' to build a safe SSL config file, which means that an unescaped '&' ampersand cannot be used in the 'vars' file. This is due to 'sed' treating '&' as a special character. Rather than expect users to know all this and use extended escaping, to get around 'easyrsa' set_var(), use auto-escape. This allows use of unescaped '&' in vars file. Like any other character. Auto-escape '$' dollar-sign explanation: Using '$' in the 'vars' file MUST be escaped. Escaping '$' to stop expansion is common knowledge and the first thing a user will try. Using an escaped '$' in the 'vars' file results in an unescaped '$' being written to the SSL config file, which is then expanded by OpenSSL or choked on by LibreSSL. Auto-escaping '$' fixes this. Add SSL library name to die(). Allow verify_ssl_lib() to run ONLY once. Improve comments. Re-order the areas searched for data files to prioritise preferred locations over old defaults. Tested-with: OpenSSL and LibreSSL and on Windows and FreeBSD. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
TinCanTech
added
enhancement
feedback welcome
Full-Approval
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Auto-escape '&' ampersand explanation:
'easyrsa' uses 'sed' to build a safe SSL config file, which means
that an unescaped '&' ampersand cannot be used in the 'vars' file.
This is due to 'sed' treating '&' as a special character.
Rather than expect users to know all this and use extended escaping,
to get around 'easyrsa' set_var(), use auto-escape. This allows use
of unescaped '&' in vars file. Like any other character.
Auto-escape
'$'dollar-sign explanation:Using
'$'in the 'vars' file MUST be escaped. Escaping'$'to stopexpansion is common knowledge and the first thing a user will try.
Using an escaped
'$'in the 'vars' file results in an unescaped'$'being written to the SSL config file, which is then expanded by
OpenSSL or choked on by LibreSSL. Auto-escaping
'$'fixes this.Add SSL library name to die().
Allow verify_ssl_lib() to run ONLY once.
Improve comments.
Re-order the areas searched for data files to prioritise preferred
locations over old defaults.
Tested-with: OpenSSL and LibreSSL and on Windows and FreeBSD.
Signed-off-by: Richard T Bonhomme tincantech@protonmail.com