
quark.zju (Wu Jun)
User

Projects

User does not belong to any projects.

User Details

User Since
Aug 28 2013, 6:46 PM (325 w, 1 d)
Availability
Available

Recent Activity

Dec 28 2018

quark.zju added a comment to T13209: How To Properly Escape Commands on Windows (A Dark Tragedy).

I'm not a Windows expert. But to my knowledge there are a couple of things missing here:

Dec 28 2018, 8:14 PM · Arcanist, Windows

Nov 21 2017

quark.zju added a comment to T13012: Mercurial "--config" and "--debugger" command injection vulnerability.

That's a good point! I wish it was designed like that since the beginning. I guess it won't happen with the current compatibility rules since it is likely to break automation.

Nov 21 2017, 11:03 PM · Mercurial, Security
quark.zju added a comment to T13012: Mercurial "--config" and "--debugger" command injection vulnerability.

https://phab.mercurial-scm.org/D1483 should make it possible to use -- to defend against non-flag user input. For inputs that are flags, use the form --flag=X and avoid --flag X.

Nov 21 2017, 9:09 PM · Mercurial, Security

Sep 10 2017

quark.zju added inline comments to D18519: Config re-design.
Sep 10 2017, 8:15 AM

Aug 27 2017

quark.zju added a comment to T7339: Raise a setup warning when the "en_US.UTF-8" locale is unavailable.

For hg, setting HGPLAIN=1 will disable translations. See hg help scripting for details.

Aug 27 2017, 6:14 PM · Diffusion (v3)

Aug 11 2017

quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the detailed explanations! I should have thought more carefully. Note old Mercurial also fails to do correct shell quoting on Windows (it uses ' where Windows needs "). But Phabricator does not run on Windows, so it shouldn't be an issue.

Aug 11 2017, 3:22 AM · Subversion, Mercurial, Git, Security
quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The subrepo issue is when .hgsub has malicious content (ex. foo = ssh://-oProxyCommand=touch%20BAR/). It's not related to command line or config files.

Aug 11 2017, 1:25 AM · Subversion, Mercurial, Git, Security

Jul 21 2017

quark.zju awarded Blog Post: Write, Review, Merge, Publish: Phabricator Review Workflow a Like token.
Jul 21 2017, 2:57 AM

Jul 9 2017

quark.zju added Q635: arc land fails with error "Usage Exception: --merge is not currently supported for hg repos." (Answer 555).
Jul 9 2017, 8:37 PM

Jul 2 2017

quark.zju added a comment to T12618: Parse multiple commits and commit metadata from "hg log --patch" and "hg export".

Parsing hg export metadata is an elegant solution. # HG changeset patch could imply sourceControlSystem = 'hg'. Thanks for merging the task!

Jul 2 2017, 7:30 PM · Arcanist, Mercurial, Differential, Conduit, Feature Request
quark.zju added a comment to T12890: Add sourceControlSystem parameter to differential.createrawdiff.

The background is the Mercurial community wants to try Phabricator as an experimental review system. It's using emails now. I'd like to make Phabricator workflow as convenient as traditional email workflow.

Jul 2 2017, 7:16 PM · Feature Request
quark.zju created T12890: Add sourceControlSystem parameter to differential.createrawdiff.
Jul 2 2017, 6:47 PM · Feature Request
quark.zju renamed T12888: repository.query doc points to invalid API diffusion.repository.query from `repository.query` points to invalid API `diffusion.repository.query` to repository.query doc points to invalid API diffusion.repository.query.
Jul 2 2017, 1:00 AM · Bug Report
quark.zju created T12888: repository.query doc points to invalid API diffusion.repository.query.
Jul 2 2017, 1:00 AM · Bug Report