From ecdf6f2350e1d57d77d86ac5af6477e45bc25433 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty <sitaram@sita-lt.atc.tcs.com>
Date: Sun, 13 Dec 2009 12:43:44 +0530
Subject: [PATCH] auth: don't allow literal ".." in reponames

thanks to Teemu for catching this
---
 src/gl-auth-command | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/gl-auth-command b/src/gl-auth-command
index 3f0ea3b..b9e6359 100755
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -104,6 +104,7 @@ die "bad command: $cmd.  Make sure the repo name is exactly as in your config\n"
     unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
         and  $repo and   $repo =~ $REPONAME_PATT );
 die "$repo ends with a slash; I don't like that\n" if $repo =~ /\/$/;
+die "$repo has two consecutive periods; I don't like that\n" if $repo =~ /\.\./;
 
 # ----------------------------------------------------------------------------
 #       first level permissions check