changeset 10:a7187a447835

restrict repo names
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 12 Jul 2022 19:40:50 -0600
parents 338ab58d91f2
children bbafc54bbd26
files src/admin/add.html.luan src/admin/index.html.luan update_repositories.luan
diffstat 3 files changed, 5 insertions(+), 4 deletions(-) [+]
diff -r 338ab58d91f2 -r a7187a447835 src/admin/add.html.luan
--- a/src/admin/add.html.luan	Tue Jul 12 13:27:12 2022 -0600
+++ b/src/admin/add.html.luan	Tue Jul 12 19:40:50 2022 -0600
@@ -1,7 +1,7 @@
 local Luan = require "luan:Luan.luan"
 local error = Luan.error
 local String = require "luan:String.luan"
-local to_lower = String.lower or error()
+local matches = String.matches or error()
 local Io = require "luan:Io.luan"
 local Http = require "luan:http/Http.luan"
 local Shared = require "site:/lib/Shared.luan"
@@ -16,7 +16,7 @@
 local function handle()
 	local user = get_user()
 	local repo_name = Http.request.parameters.repo or error()
-	repo_name = to_lower(repo_name)
+	matches( repo_name, "^[a-z0-9_][a-z0-9_-]*$" ) or error "invalid regex name"
 	if repo_name=="_all" or repo_name=="_private" then
 		return [[<p error>Invalid rep name</p>]]
 	end
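Review bot: The error text on the added `matches(...)` line says "invalid regex name", but the value being rejected is the repo name; `matches( repo_name, "^[a-z0-9_][a-z0-9_-]*$" ) or error "invalid repo name"` would say what failed. Judging by the other hunks in this changeset, this check is what keeps the request parameter safe to use in the now-unquoted `hg init` command in update_repositories.luan, so a one-line comment stating that would stop a later edit from relaxing it. If `String.matches` uses Java find semantics (not visible here), `$` also matches before a trailing line terminator, and an end-of-input anchor would be stricter; this is worth confirming. A failed match raises an error while the reserved names just below return `<p error>` markup, so the two rejection paths could be made consistent. handle() continues past the end of the hunk.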
diff -r 338ab58d91f2 -r a7187a447835 src/admin/index.html.luan
--- a/src/admin/index.html.luan	Tue Jul 12 13:27:12 2022 -0600
+++ b/src/admin/index.html.luan	Tue Jul 12 19:40:50 2022 -0600
@@ -47,7 +47,8 @@
 			<form action="add.html">
 				<p>
 					<label prompt>Repo name</label>
-					<input type=text name=repo required>
+					<input type=text name=repo required pattern="[a-z0-9_][a-z0-9_-]*">
+					<label prompt>Must match regex: [a-z0-9_][a-z0-9_-]*</label>
 				</p>
 				<p>
 					<input type=submit value="Add Repo">
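Review bot: The character class is now spelled out in three places with nothing tying them together: the `pattern` attribute and the label text here, and the server-side check in add.html.luan. The browser-side `pattern` is only a convenience and is not enforced on a request sent directly to add.html. A template comment next to the input, along the lines of "keep in sync with the check in add.html.luan, which is the one that enforces this", would keep a later edit from changing only one copy.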
diff -r 338ab58d91f2 -r a7187a447835 update_repositories.luan
--- a/update_repositories.luan	Tue Jul 12 13:27:12 2022 -0600
+++ b/update_repositories.luan	Tue Jul 12 19:40:50 2022 -0600
@@ -39,7 +39,7 @@
 for repo in pairs(repos) do
 	if not uri("file:repos/"..repo).exists() then
 		logger.info("creating repo "..repo)
-		uri("bash:/usr/local/bin/hg init 'repos/"..repo.."'").read_text()
+		uri("bash:/usr/local/bin/hg init repos/"..repo).read_text()
 	end
 end
 -- delete unused repos
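Review bot: Dropping the single quotes on the `hg init` line means `repo` is concatenated into a bash command with no quoting at all, so its safety depends entirely on every name in `repos` having passed the new check in add.html.luan. How `repos` is populated is outside this hunk, but names stored before this changeset were only lowercased, not restricted, and any of those containing spaces or shell metacharacters would now be interpreted by the shell. Re-validating at the point of use would make this loop safe on its own, e.g. `if not matches(repo, "^[a-z0-9_][a-z0-9_-]*$") then error("invalid repo name "..repo) end` before the `uri("bash:...")` call (assuming `String.matches` is brought into scope in this file). The same applies to any other shell command built from `repo` in the delete section that follows the hunk.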