The new default is to protect args and options from unintended shell
interpretation using backslash escapes. See the new `--old-args` option
for a way to get the old-style splitting. This idiom was chosen over
making `--protect-args` enabled by default because it is more backward
compatible (e.g. it works with rrsync). Fixes#272.
- Convert rrsync to python.
- Enhance security of arg & option checking.
- Reject `-L` (`--copy-links`) by default.
- Add `-munge` and `-no-del` options.
- Tweak the logfile line format.
- Created an rrsync man page.
- Use `configure --with-rrsync` if you want `make install` to install
rrsync and its man page.
- Give lsh more rrsync testing support.
backslash prior to whitespace without treating it as escaped
whitespace (e.g. if we receive "foo\\ bar", it is two args,
while "foo\ bar" and "foo\\\ bar" are each just one).
- Made the user-config sections easier to find.
- Default to running a fully-specified rsync executable so that there
are not PATH surprises.
- A few minor tweaks to the arg-checking code to make it clearer without
actually changing its logic.
can't fool us into thinking we're the sender by using a filename
of --sender (or similar ploy).
- Make sure that our '..' check can't be fooled by sly backslashing.
- Tweaked some comments.
- Fully parse all legal options that might come from a stock rsync and
validate/restrict any option's args (previously we rejected options
with args).
- Made it easy to disable specific options.
- Properly handle a multi-arg copy's multiple args.
- Make sure that the restricted dir actually exists and we can chdir
to it.
- Just reject any dangerous args that have .. in them instead of trying
to munge them.
- We don't treat single-or double-quotes specially, just backslash-
escaped characters.
- Turn on strict mode.
- Use the array-arg version of exec() so that we don't spawn a shell.
- Use File::Glob to glob wildcards in args.
- Tweaked the log-file format so that it logs the modified command
without any "OK" suffix.
- Allow spaces and a few other extra chars in file names.
- For safety, disallow any option that takes an arg. This should
be improved in the future because it blocks options such as
--block-size=N, but without this rule the user could specify
something like --files-from=FILE or --backup-dir=DIR and have
it affect files outside the desired SUBDIR restriction.
- Switched to SSH_CONNECTION from the deprecated SSH_CLIENT.
- Strip "::ffff:" from the start of an IP from SSH_CONNECTION.
