Skip to content

G
gitlab-shell
Commit d8565cff authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets
Browse files
Options

Escape repository path 

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent a0104118
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 1 deletion
lib/gitlab_shell.rb
View file @ d8565cff
...@@ -43,7 +43,7 @@ class GitlabShell ...@@ -43,7 +43,7 @@ class GitlabShell
def parse_cmd def parse_cmd
args = Shellwords.shellwords(@origin_cmd) args = Shellwords.shellwords(@origin_cmd)
@git_cmd = args[0] @git_cmd = args[0]
@repo_name = args[1] @repo_name = escape_path(args[1])
end end
def git_cmds def git_cmds
...@@ -86,4 +86,12 @@ class GitlabShell ...@@ -86,4 +86,12 @@ class GitlabShell
def log_username def log_username
@config.audit_usernames ? username : "user with key #{@key_id}" @config.audit_usernames ? username : "user with key #{@key_id}"
end end
def escape_path(path)
if File.absolute_path(path, repos_path) == File.join(repos_path, path)
path
else
raise "Wrong repository path"
end
end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7