# HG changeset patch # User Franklin Schmidt # Date 1657676450 21600 # Node ID a7187a4478356710d515cc495c3aed3e1deac519 # Parent 338ab58d91f2f8dc835b07bd40946f75ffab3b71 restrict repo names diff -r 338ab58d91f2 -r a7187a447835 src/admin/add.html.luan --- a/src/admin/add.html.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/src/admin/add.html.luan Tue Jul 12 19:40:50 2022 -0600 @@ -1,7 +1,7 @@ local Luan = require "luan:Luan.luan" local error = Luan.error local String = require "luan:String.luan" -local to_lower = String.lower or error() +local matches = String.matches or error() local Io = require "luan:Io.luan" local Http = require "luan:http/Http.luan" local Shared = require "site:/lib/Shared.luan" @@ -16,7 +16,7 @@ local function handle() local user = get_user() local repo_name = Http.request.parameters.repo or error() - repo_name = to_lower(repo_name) + matches( repo_name, "^[a-z0-9_][a-z0-9_-]*$" ) or error "invalid regex name" if repo_name=="_all" or repo_name=="_private" then return [[

Invalid rep name

]] end diff -r 338ab58d91f2 -r a7187a447835 src/admin/index.html.luan --- a/src/admin/index.html.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/src/admin/index.html.luan Tue Jul 12 19:40:50 2022 -0600 @@ -47,7 +47,8 @@

- + +

diff -r 338ab58d91f2 -r a7187a447835 update_repositories.luan --- a/update_repositories.luan Tue Jul 12 13:27:12 2022 -0600 +++ b/update_repositories.luan Tue Jul 12 19:40:50 2022 -0600 @@ -39,7 +39,7 @@ for repo in pairs(repos) do if not uri("file:repos/"..repo).exists() then logger.info("creating repo "..repo) - uri("bash:/usr/local/bin/hg init 'repos/"..repo.."'").read_text() + uri("bash:/usr/local/bin/hg init repos/"..repo).read_text() end end -- delete unused repos