deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

move repo/user validity check deeper

Browse source 
(but change repo check to allow repoPATT instead of just repoNAME)

This is because there are/will be some situations where access() is
called without those two checks being done (i.e., it is not only from
src/commands/access that it is called).
This commit is contained in:
Sitaram Chamarty 2012-05-06 18:53:52 +05:30
parent 196706c145
commit e76be7ff11
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/commands/access
View file

@ -49,8 +49,6 @@ my $ret = '';
if ( $repo ne '%' and $user ne '%' ) { if ( $repo ne '%' and $user ne '%' ) {
# single repo, single user; no STDIN # single repo, single user; no STDIN
_die "invalid repo name" if not( $repo and $repo =~ $REPONAME_PATT );
_die "invalid user name" if not( $user and $user =~ $USERNAME_PATT );
$ret = access( $repo, $user, $aa, $ref ); $ret = access( $repo, $user, $aa, $ref );
if ( $ret =~ /DENIED/ ) { if ( $ret =~ /DENIED/ ) {

2
src/lib/Gitolite/Conf/Load.pm
View file

@ -67,6 +67,8 @@ my $last_repo = '';
sub access { sub access {
my ( $repo, $user, $aa, $ref ) = @_; my ( $repo, $user, $aa, $ref ) = @_;
_die "invalid repo '$repo'" if not( $repo and $repo =~ $REPOPATT_PATT );
_die "invalid user '$user'" if not( $user and $user =~ $USERNAME_PATT );
my $deny_rules = option( $repo, 'deny-rules' ); my $deny_rules = option( $repo, 'deny-rules' );
load($repo); load($repo);