diff options
author | Eric Wong <e@80x24.org> | 2019-01-09 11:43:26 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2019-01-15 21:23:45 +0000 |
commit | 1f4ce0de1cd70b905dc2cd40628785b01060738c (patch) | |
tree | 964fbdf38b8cb4a88fedc10d7432051cd0540509 /lib/PublicInbox/Config.pm | |
parent | adf443322d8747bbc5b0b1d6e7bf819f70244456 (diff) | |
download | public-inbox-1f4ce0de1cd70b905dc2cd40628785b01060738c.tar.gz |
Actually, it turns out git.git/remote.c::valid_remote_nick rules alone are insufficient. More checking is performed as part of the refname in the git.git/refs.c::check_refname_component I also considered rejecting URL-unfriendly inbox names entirely, but realized some users may intentionally configure names not handled by our WWW endpoint for archives they don't want accessible over HTTP.
Diffstat (limited to 'lib/PublicInbox/Config.pm')
-rw-r--r-- | lib/PublicInbox/Config.pm | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/lib/PublicInbox/Config.pm b/lib/PublicInbox/Config.pm index a2b721d2..bea26176 100644 --- a/lib/PublicInbox/Config.pm +++ b/lib/PublicInbox/Config.pm @@ -152,6 +152,23 @@ sub git_config_dump { \%rv; } +sub valid_inbox_name ($) { + my ($name) = @_; + + # Similar rules found in git.git/remote.c::valid_remote_nick + # and git.git/refs.c::check_refname_component + # We don't reject /\.lock\z/, however, since we don't lock refs + if ($name eq '' || $name =~ /\@\{/ || + $name =~ /\.\./ || $name =~ m![/:\?\[\]\^~\s\f[:cntrl:]\*]! || + $name =~ /\A\./ || $name =~ /\.\z/) { + return 0; + } + + # Note: we allow URL-unfriendly characters; users may configure + # non-HTTP-accessible inboxes + 1; +} + sub _fill { my ($self, $pfx) = @_; my $rv = {}; @@ -185,8 +202,7 @@ sub _fill { my $name = $pfx; $name =~ s/\Apublicinbox\.//; - # same rules as git.git/remote.c::valid_remote_nick - if ($name eq '' || $name =~ m!/! || $name eq '.' || $name eq '..') { + if (!valid_inbox_name($name)) { warn "invalid inbox name: '$name'\n"; return; } |