deac
/
gitolite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

move repo/user validity check deeper 

(but change repo check to allow repoPATT instead of just repoNAME)

This is because there are/will be some situations where access() is
called without those two checks being done (i.e., it is not only from
src/commands/access that it is called).
redis
Sitaram Chamarty 2012-05-06 18:53:52 +05:30
parent 196706c145
commit e76be7ff11
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/commands/access
View File

@ -49,8 +49,6 @@ my $ret = '';
if ( $repo ne '%' and $user ne '%' ) {
# single repo, single user; no STDIN
_die "invalid repo name" if not( $repo and $repo =~ $REPONAME_PATT );
_die "invalid user name" if not( $user and $user =~ $USERNAME_PATT );
$ret = access( $repo, $user, $aa, $ref );
if ( $ret =~ /DENIED/ ) {

2
src/lib/Gitolite/Conf/Load.pm
View File

@ -67,6 +67,8 @@ my $last_repo = '';
sub access {
my ( $repo, $user, $aa, $ref ) = @_;
_die "invalid repo '$repo'" if not( $repo and $repo =~ $REPOPATT_PATT );
_die "invalid user '$user'" if not( $user and $user =~ $USERNAME_PATT );
my $deny_rules = option( $repo, 'deny-rules' );
load($repo);