deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

auth: don't allow literal ".." in reponames

Browse source 
thanks to Teemu for catching this
This commit is contained in:
Sitaram Chamarty 2009-12-13 12:43:44 +05:30
parent 3eb29e17fc
commit ecdf6f2350
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/gl-auth-command
View file

@ -104,6 +104,7 @@ die "bad command: $cmd. Make sure the repo name is exactly as in your config\n"
unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS ) unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
and $repo and $repo =~ $REPONAME_PATT ); and $repo and $repo =~ $REPONAME_PATT );
die "$repo ends with a slash; I don't like that\n" if $repo =~ /\/$/; die "$repo ends with a slash; I don't like that\n" if $repo =~ /\/$/;
die "$repo has two consecutive periods; I don't like that\n" if $repo =~ /\.\./;
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# first level permissions check # first level permissions check