Index: cvsnt/src/commit.c diff -c cvsnt/src/commit.c:1.39.2.150 cvsnt/src/commit.c:1.39.2.151 *** cvsnt/src/commit.c:1.39.2.150 Tue Jul 21 14:34:05 2009 --- cvsnt/src/commit.c Tue Jul 21 15:03:51 2009 *************** *** 400,407 **** case 'b': if(bugid.size() && !only_bug) error(1,0,"Cannot mix -B and -b"); ! if(!RCS_check_bugid(optarg)) ! error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'"); if(bugid.size()) bugid+=","; bugid+=optarg; --- 400,407 ---- case 'b': if(bugid.size() && !only_bug) error(1,0,"Cannot mix -B and -b"); ! if(!RCS_check_bugid(optarg,true)) ! error(1,0,"Invalid characters in bug identifier. Please avoid \"'"); if(bugid.size()) bugid+=","; bugid+=optarg; *************** *** 410,417 **** case 'B': if(bugid.size() && only_bug) error(1,0,"Cannot mix -B and -b"); ! if(!RCS_check_bugid(optarg)) ! error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'"); if(bugid.size()) bugid+=","; bugid+=optarg; --- 410,417 ---- case 'B': if(bugid.size() && only_bug) error(1,0,"Cannot mix -B and -b"); ! if(!RCS_check_bugid(optarg,true)) ! error(1,0,"Invalid characters in bug identifier. Please avoid \"'"); if(bugid.size()) bugid+=","; bugid+=optarg; Index: cvsnt/src/edit.c diff -c cvsnt/src/edit.c:1.28.2.79 cvsnt/src/edit.c:1.28.2.80 *** cvsnt/src/edit.c:1.28.2.79 Sun Oct 28 17:56:08 2007 --- cvsnt/src/edit.c Tue Jul 21 15:03:51 2009 *************** *** 1046,1053 **** revert_only = 1; break; case 'b': ! if(!RCS_check_bugid(optarg)) ! error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'"); if(bugid.size()) bugid+=","; bugid +=optarg; --- 1046,1053 ---- revert_only = 1; break; case 'b': ! if(!RCS_check_bugid(optarg,true)) ! error(1,0,"Invalid characters in bug identifier. 
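Review bot: With `RCS_check_bugid(optarg,true)` in the `-b` case, values such as `,`, `1,,2` or `1,` now pass validation and are appended to `bugid` unchanged, so the combined comma-separated list can carry empty entries. The same applies to the `-B` case in this file and to the `-b` case in edit.c. An empty `optarg` presumably passes as well, since the loop in rcs.c only inspects characters that are present. Whether downstream consumers of the list tolerate empty elements is not visible here, so consider rejecting them before the append, e.g. `if(!*optarg || *optarg==',' || strstr(optarg,",,") || optarg[strlen(optarg)-1]==',') error(1,0,"Empty bug identifier");`. The enclosing option switch starts and ends outside the hunk.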
Please avoid \"'"); if(bugid.size()) bugid+=","; bugid +=optarg; Index: cvsnt/src/log.c diff -c cvsnt/src/log.c:1.32.2.43 cvsnt/src/log.c:1.32.2.44 *** cvsnt/src/log.c:1.32.2.43 Fri Oct 19 17:51:05 2007 --- cvsnt/src/log.c Tue Jul 21 15:03:51 2009 *************** *** 242,248 **** case 'B': if(log_data.bugid) error(1,0,"Cannot specify multiple -B"); ! if(!RCS_check_bugid(optarg)) error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'"); log_data.bugid=xstrdup(optarg); break; --- 242,248 ---- case 'B': if(log_data.bugid) error(1,0,"Cannot specify multiple -B"); ! if(!RCS_check_bugid(optarg,false)) error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'"); log_data.bugid=xstrdup(optarg); break; Index: cvsnt/src/rcs.c diff -c cvsnt/src/rcs.c:1.80.2.231 cvsnt/src/rcs.c:1.80.2.232 *** cvsnt/src/rcs.c:1.80.2.231 Tue Jul 21 14:34:06 2009 --- cvsnt/src/rcs.c Tue Jul 21 15:03:51 2009 *************** *** 3635,3650 **** /* Check a valid bug identifier. Pretty freeform except we avoid rcs end-of-string and quotes. Comma separates multiple bugs on a revision */ ! bool RCS_check_bugid (const char *bugid) { ! char *invalid = "\"',"; /* invalid bugid characters */ const char *cp; unsigned char c; for (cp = bugid; *cp; cp++) { c=(unsigned char)*cp; ! if(!isprint(c) || strchr(invalid,*cp)) return false; } --- 3635,3650 ---- /* Check a valid bug identifier. Pretty freeform except we avoid rcs end-of-string and quotes. Comma separates multiple bugs on a revision */ ! bool RCS_check_bugid (const char *bugid, bool allow_comma) { ! char *invalid = "\"'"; /* invalid bugid characters */ const char *cp; unsigned char c; for (cp = bugid; *cp; cp++) { c=(unsigned char)*cp; ! 
if(!isprint(c) || strchr(invalid,*cp) || (!allow_comma && *cp==',')) return false; } Index: cvsnt/src/update.c diff -c cvsnt/src/update.c:1.44.2.152 cvsnt/src/update.c:1.44.2.153 *** cvsnt/src/update.c:1.44.2.152 Wed May 28 00:25:41 2008 --- cvsnt/src/update.c Tue Jul 21 15:03:51 2009 *************** *** 173,180 **** case'B': if(merge_bugid) error(1,0,"Cannot specify multiple -B options"); ! if(!RCS_check_bugid(optarg)) ! error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'"); merge_bugid = optarg; break; case 'C': --- 173,180 ---- case'B': if(merge_bugid) error(1,0,"Cannot specify multiple -B options"); ! if(!RCS_check_bugid(optarg,false)) ! error(1,0,"Invalid characters in bug identifier. Please avoid \"'"); merge_bugid = optarg; break; case 'C':
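Review bot: The header comment above `RCS_check_bugid` says the check avoids the RCS end-of-string character, but the `invalid` set is only `"\"'"` and `@` is not rejected anywhere in the visible loop. If `@` is escaped when the value is written to the RCS file, the comment should say so; otherwise it belongs in `invalid`. Since `invalid` points at a string literal it should be declared `static const char invalid[] = "\"'";`. The comment should also document the new parameter, e.g. `allow_comma: accept ',' so the caller may pass a comma-separated list; pass false where a single id is stored`. The function's tail after the loop is outside the hunk.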
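Review bot: The `-B` case in update.c calls `RCS_check_bugid(optarg,false)`, so a comma is still rejected, yet the message was changed to `Please avoid \"'` and no longer names the comma. A user passing `-B 1,2` gets an error that does not mention the offending character. Keep the old text at this call site, `error(1,0,"Invalid characters in bug identifier. Please avoid ,\"'");`, as log.c does for its `false` call. The surrounding switch continues outside the hunk.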