Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Escape problematic characters in CREDITS files
On Windows, the contents of the CREDITS files are passed to rc.exe via the command line. To avoid undesired behavior, we need to escape some characters, most notably `<` (which is sometimes used in CREDITS to enclose mail addresses), which otherwise is interpreted as redirection operator, resulting in the hard to understand "The system cannot find the file specified." Even more dangerous is not properly escaping percent signs, which makes it possible for a malicious CREDITS file to inject the values of environment variables of the build system into the generated binaries. This is particularly bad, because as of Windows Vista, the comments can no longer be inspected via explorer.exe, although the binaries still contain these comments. We also cater to double-quotes, which need to be escaped as `\"\"` in this context. Closes GH-8767.
- Loading branch information