Diffstat (limited to 'src/com/gitblit/wicket/pages/EditRepositoryPage.java')
-rw-r--r-- | src/com/gitblit/wicket/pages/EditRepositoryPage.java | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index eb2a8e64..e5496a1a 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -19,7 +19,6 @@ import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -104,6 +103,22 @@ public class EditRepositoryPage extends BasePage {
// automatically convert backslashes to forward slashes
repositoryModel.name = repositoryModel.name.replace('\\', '/');
+ // Automatically replace // with /
+ repositoryModel.name = repositoryModel.name.replace("//", "/");
+
+ // prohibit folder paths
+ if (repositoryModel.name.startsWith("/")) {
+ error("Leading root folder references (/) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.startsWith("../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.contains("/../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
// confirm valid characters in repository name
char[] validChars = { '/', '.', '_', '-' };
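Review bot: The three `..` checks on the new lines match only a leading `../` and an embedded `/../`, so a name that is exactly `..` or that ends in `/..` passes them, and both `.` and `/` are in the `validChars` list that follows. Whether such a name can resolve outside the repositories folder depends on code outside this hunk (for example a suffix appended later), so that should be confirmed; comparing whole path segments closes the gap either way, e.g. `if (Arrays.asList(repositoryModel.name.split("/")).contains("..")) { error("Relative folder references (../) are prohibited."); return; }`. Separately, `replace("//", "/")` is a single pass and turns `///` into `//`, whereas `replaceAll("/+", "/")` collapses a run of any length. The enclosing method starts and ends outside the hunk.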
@@ -120,7 +135,7 @@ public class EditRepositoryPage extends BasePage {
}
}
}
-
+
// confirm access restriction selection
if (repositoryModel.accessRestriction == null) {
error("Please select access restriction!");