if (recurse || xfer_dirs) {
/* Now create a rule with an added "/" & "**" or "*" at the end */
rule = new0(filter_rule);
+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
if (recurse)
- rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2;
- else
- rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
- /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */
+ rule->rflags |= FILTRULE_WILD2;
+ /* We must leave enough room for / * * \0. */
if (!saw_wild && backslash_cnt) {
/* We are appending a wildcard, so now the backslashes need to be escaped. */
p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
transfer. Also, beginning with version 3.2.5, rsync does two more safety
checks of the file list to (1) ensure that no extra source arguments were added
into the transfer other than those that the client requested and (2) ensure
-that the file list obeys the exclude rules that we sent to the sender.
+that the file list obeys the exclude rules that were sent to the sender.
-For those that don't yet have a 3.2.5 client rsync, it is safest to do a copy
-into a dedicated destination directory for the remote files rather than
-requesting the remote content get mixed in with other local content. For
-example, doing an rsync copy into your home directory is potentially unsafe on
-an older rsync if the remote rsync is being controlled by a bad actor:
+For those that don't yet have a 3.2.5 client rsync (or those that want to be
+extra careful), it is safest to do a copy into a dedicated destination
+directory for the remote files when you don't trust the remote host. For
+example, instead of doing an rsync copy into your home directory:
> rsync -aiv host1:dir1 ~
-A safer command would be:
+Dedicate a "host1-files" dir to the remote content:
> rsync -aiv host1:dir1 ~/host1-files