[PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat Jan 18 21:24:57 CET 2014
If the snapshots are not enabled then the frontend won't show a link to it.
The skilled user however may construct the URL on his own and the frontend
will obey the request.
This patch adds a check for this case so the requst won't be served.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
ui-snapshot.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ui-snapshot.c b/ui-snapshot.c
index 582dc31..b278ddf 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -209,6 +209,12 @@ void cgit_print_snapshot(const char *head, const char *hex,
return;
}
+ if (!(f->bit & snapshots)) {
+ show_error(xstrdup(fmt("Snapshot format %s is not enabled.",
+ f->suffix)));
+ return;
+ }
+
if (!hex && dwim) {
hex = get_ref_from_filename(ctx.repo->url, filename, f);
if (hex == NULL) {
--
1.8.5.2
More information about the CGit
mailing list