deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

tighten up pattern to check rsync arguments

Browse source 
thanks to Joe Schaefer at the ASF for catching it.  Note that this new
pattern *may* be too restrictive -- if you're using this feature and
have a problem with the new pattern please email me.

See email to gitolite mailing list around this date (2010-11-28) for
more details.
This commit is contained in:
Sitaram Chamarty 2010-11-28 20:01:39 +05:30
parent db97c5a40a
commit 2bbcc8239c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/gitolite.pm
View file

@ -1083,7 +1083,7 @@ sub ext_cmd_rsync
my $perm = "W";
$perm = "R" if $1;
my $path = $2;
die "I dont like some of the characters in $path\n" unless $path =~ $REPOPATT_PATT;
die "I dont like some of the characters in $path\n" unless $path =~ $REPONAME_PATT;
# XXX make a better pattern for this if people complain ;-)
die "I dont like absolute paths in $cmd\n" if $path =~ /^\//;
die "I dont like '..' paths in $cmd\n" if $path =~ /\.\./;