This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 90a6277 Add dirname check
90a6277 is described below
commit 90a6277062c982edc7816cd0d0df22dbd4dafe2f
Author: Sebb <[email protected]>
AuthorDate: Mon Jul 20 00:56:14 2020 +0100
Add dirname check
---
www/secretary/workbench/views/actions/ccla.json.rb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/www/secretary/workbench/views/actions/ccla.json.rb
b/www/secretary/workbench/views/actions/ccla.json.rb
index 952fcf0..92e6b51 100644
--- a/www/secretary/workbench/views/actions/ccla.json.rb
+++ b/www/secretary/workbench/views/actions/ccla.json.rb
@@ -69,6 +69,9 @@ task "svn commit documents/cclas/#@filename#{fileext} and
update cclas.txt" do
dest = message.write_att(@selected, @signature)
if dest.size > 1 # write to a container directory
+ unless @filename =~ /\A[a-zA-Z][-.\w]+\z/ # previously done by
write_svn
+ raise IOError.new("invalid filename: #{@filename}")
+ end
container = ASF::SVN.svnpath!('cclas', @filename)
extras << ['mkdir', container]
dest.each do |name, path|
