auth: don't allow literal ".." in reponames

thanks to Teemu for catching this
2009-12-13 12:43:44 +05:30 · 2009-12-13 12:43:44 +05:30 · ecdf6f2350
parent 3eb29e17fc
commit ecdf6f2350
1 changed files with 1 additions and 0 deletions
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@ -104,6 +104,7 @@ die "bad command: $cmd.  Make sure the repo name is exactly as in your config\n"
    unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
        and  $repo and   $repo =~ $REPONAME_PATT );
 die "$repo ends with a slash; I don't like that\n" if $repo =~ /\/$/;
+die "$repo has two consecutive periods; I don't like that\n" if $repo =~ /\.\./;

 # ----------------------------------------------------------------------------
 #       first level permissions check