You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@whimsical.apache.org by se...@apache.org on 2020/07/19 23:56:22 UTC

[whimsy] branch master updated: Add dirname check

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 90a6277  Add dirname check
90a6277 is described below

commit 90a6277062c982edc7816cd0d0df22dbd4dafe2f
Author: Sebb <se...@apache.org>
AuthorDate: Mon Jul 20 00:56:14 2020 +0100

    Add dirname check
---
 www/secretary/workbench/views/actions/ccla.json.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/www/secretary/workbench/views/actions/ccla.json.rb b/www/secretary/workbench/views/actions/ccla.json.rb
index 952fcf0..92e6b51 100644
--- a/www/secretary/workbench/views/actions/ccla.json.rb
+++ b/www/secretary/workbench/views/actions/ccla.json.rb
@@ -69,6 +69,9 @@ task "svn commit documents/cclas/#@filename#{fileext} and update cclas.txt" do
       dest = message.write_att(@selected, @signature)
 
       if dest.size > 1 # write to a container directory
+        unless @filename =~ /\A[a-zA-Z][-.\w]+\z/ # previously done by write_svn
+          raise IOError.new("invalid filename: #{@filename}")
+        end
         container = ASF::SVN.svnpath!('cclas', @filename)
         extras << ['mkdir', container]
         dest.each do |name, path|