Mercurial Hosting > hghosting
changeset 10:a7187a447835
restrict repo names
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Tue, 12 Jul 2022 19:40:50 -0600 |
parents | 338ab58d91f2 |
children | bbafc54bbd26 |
files | src/admin/add.html.luan src/admin/index.html.luan update_repositories.luan |
diffstat | 3 files changed, 5 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
diff -r 338ab58d91f2 -r a7187a447835 src/admin/add.html.luan --- a/src/admin/add.html.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/src/admin/add.html.luan Tue Jul 12 19:40:50 2022 -0600 @@ -1,7 +1,7 @@ local Luan = require "luan:Luan.luan" local error = Luan.error local String = require "luan:String.luan" -local to_lower = String.lower or error() +local matches = String.matches or error() local Io = require "luan:Io.luan" local Http = require "luan:http/Http.luan" local Shared = require "site:/lib/Shared.luan" @@ -16,7 +16,7 @@ local function handle() local user = get_user() local repo_name = Http.request.parameters.repo or error() - repo_name = to_lower(repo_name) + matches( repo_name, "^[a-z0-9_][a-z0-9_-]*$" ) or error "invalid regex name" if repo_name=="_all" or repo_name=="_private" then return [[<p error>Invalid rep name</p>]] end
diff -r 338ab58d91f2 -r a7187a447835 src/admin/index.html.luan --- a/src/admin/index.html.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/src/admin/index.html.luan Tue Jul 12 19:40:50 2022 -0600 @@ -47,7 +47,8 @@ <form action="add.html"> <p> <label prompt>Repo name</label> - <input type=text name=repo required> + <input type=text name=repo required pattern="[a-z0-9_][a-z0-9_-]*"> + <label prompt>Must match regex: [a-z0-9_][a-z0-9_-]*</label> </p> <p> <input type=submit value="Add Repo">
diff -r 338ab58d91f2 -r a7187a447835 update_repositories.luan --- a/update_repositories.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/update_repositories.luan Tue Jul 12 19:40:50 2022 -0600 @@ -39,7 +39,7 @@ for repo in pairs(repos) do if not uri("file:repos/"..repo).exists() then logger.info("creating repo "..repo) - uri("bash:/usr/local/bin/hg init 'repos/"..repo.."'").read_text() + uri("bash:/usr/local/bin/hg init repos/"..repo).read_text() end end -- delete unused repos