(security) fix bug in pattern to detect path traversal
while we're about it, add the same check to some of the internal routines, so that commands can also be protected. finally, just to make sure we don't lose it again in some other fashion, add a few tests for path traversal...
parent 0d371ac957
commit f636ce3ba3
3 changed files with 33 additions and 3 deletions
|
@ -168,7 +168,7 @@ sub sanity {
|
|||
my $repo = shift;
|
||||
_die "'$repo' contains bad characters" if $repo !~ $REPONAME_PATT;
|
||||
_die "'$repo' ends with a '/'" if $repo =~ m(/$);
|
||||
_die "'$repo' contains '..'" if $repo =~ m(\.\.$);
|
||||
_die "'$repo' contains '..'" if $repo =~ m(\.\.);
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
|
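Review bot: The unanchored `m(\.\.)` in the '..' check of `sanity` rejects every repo name with two consecutive dots, including names such as `foo..bar` where `..` is not a path component. If only traversal is meant to be blocked, a component-anchored pattern like `m((^|/)\.\.(/|$))` would be narrower; if the broad match is deliberate, a one-line comment above the check saying so would keep someone from "tightening" it back later. The previous pattern `m(\.\.$)` only matched `..` at the very end of the name, so a leading or mid-path `..` passed this check. The tests mentioned in the commit message are not visible in this hunk, so it is worth confirming they cover both of those positions and not just a trailing `..`.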