"accidental [mis]feature" -- yet another admin->shell hole blocked!

This is a pretty big hole, really. Only the fact that Eli called it an "accidental feature" helped catch it :) Notes on the code: An explicit list of paths -- maybe just "conf", "keydir", and "local" -- would have been easier, but this isn't too bad, I think.
2010-04-12 20:50:26 +05:30 · 2010-04-12 20:50:26 +05:30 · 5fd9328c1c
parent 55e754a09f
commit 5fd9328c1c
1 changed files with 2 additions and 1 deletions
--- a/hooks/gitolite-admin/post-update
+++ b/hooks/gitolite-admin/post-update
@ -2,7 +2,8 @@

 # checkout the master branch to $GL_ADMINDIR
 # (the GL_ADMINDIR env var would have been set by gl-auth-command)
-GIT_WORK_TREE=$GL_ADMINDIR git checkout -f master
+GIT_WORK_TREE=$GL_ADMINDIR git checkout -f master -- \
+    `git ls-tree master | cut -f2 | perl -lne 'print unless /^(src|hooks)$/'`

 od=$PWD
 cd $GL_ADMINDIR