This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 2604fd12 basic check of SVN url
2604fd12 is described below
commit 2604fd126cf3143a4f34fb4c38b8fa644b02d3b7
Author: Sebb <[email protected]>
AuthorDate: Tue Apr 18 01:29:29 2023 +0100
basic check of SVN url
---
www/secretary/upload_file.cgi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/www/secretary/upload_file.cgi b/www/secretary/upload_file.cgi
index 53b440a6..3d4aff5b 100755
--- a/www/secretary/upload_file.cgi
+++ b/www/secretary/upload_file.cgi
@@ -51,6 +51,9 @@ _html do
if _.post?
# params are arrays
url = params['url'].first
+ if url !~ %r{^https://(dist|svn)\.apache\.org/\S+$}
+ raise ArgumentError.new("Invalid SVN URL!")
+ end
source = params['source'].first
msg = "Uploaded by Whimsy: #{params['msg'].first.strip}"
# The source is StringIO for smaller files, Tempfile for larger ones
