Mercurial Hosting > hghosting
diff src/admin/add.html.luan @ 10:a7187a447835
restrict repo names
| author | Franklin Schmidt <fschmidt@gmail.com> |
|---|---|
| date | Tue, 12 Jul 2022 19:40:50 -0600 |
| parents | a09d8bcdc0f9 |
| children | b14073ab9d07 |
line wrap: on
line diff
--- a/src/admin/add.html.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/src/admin/add.html.luan Tue Jul 12 19:40:50 2022 -0600 @@ -1,7 +1,7 @@ local Luan = require "luan:Luan.luan" local error = Luan.error local String = require "luan:String.luan" -local to_lower = String.lower or error() +local matches = String.matches or error() local Io = require "luan:Io.luan" local Http = require "luan:http/Http.luan" local Shared = require "site:/lib/Shared.luan" @@ -16,7 +16,7 @@ local function handle() local user = get_user() local repo_name = Http.request.parameters.repo or error() - repo_name = to_lower(repo_name) + matches( repo_name, "^[a-z0-9_][a-z0-9_-]*$" ) or error "invalid regex name" if repo_name=="_all" or repo_name=="_private" then return [[<p error>Invalid rep name</p>]] end