request-pull: quote regex metacharacters in local ref

The local part of the third argument of git-request-pull is used in
a regular expression without quoting it.  Use qr{} and \Q\E to ensure
that e.g. a period in a tag name does not match any character on the
remote side.

Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Junio C Hamano <[email protected]>

Author: bonzini

git-request-pull.sh

@@ -83,19 +83,18 @@ die "fatal: No commits in common between $base and $head"
 # Otherwise find a random ref that matches $headrev.
 find_matching_ref='
 	my ($head,$headrev) = (@ARGV);
+	my $pattern = qr{/\Q$head\E$};
 	my ($found);
 
 	while (<STDIN>) {
 		chomp;
 		my ($sha1, $ref, $deref) = /^(\S+)\s+([^^]+)(\S*)$/;
-		my ($pattern);
 		next unless ($sha1 eq $headrev);
 
-		$pattern="/$head\$";
 		if ($ref eq $head) {
 			$found = $ref;
 		}
-		if ($ref =~ /$pattern/) {
+		if ($ref =~ $pattern) {
 			$found = $ref;
 		}
 		if ($sha1 eq $head) {

t/t5150-request-pull.sh

@@ -246,4 +246,22 @@ test_expect_success 'request-pull ignores OPTIONS_KEEPDASHDASH poison' '
 
 '
 
+test_expect_success 'request-pull quotes regex metacharacters properly' '
+
+	rm -fr downstream.git &&
+	git init --bare downstream.git &&
+	(
+		cd local &&
+		git checkout initial &&
+		git merge --ff-only master &&
+		git tag -mrelease v2.0 &&
+		git push origin refs/tags/v2.0:refs/tags/v2-0 &&
+		test_must_fail git request-pull initial "$downstream_url" tags/v2.0 \
+			2>../err
+	) &&
+	grep "No match for commit .*" err &&
+	grep "Are you sure you pushed" err
+
+'
+
 test_done