Deny invalid path

Review Request #2422 — Created April 4, 2023 and submitted — Latest diff uploaded

Information

grim/hgkeeper
default

If an authenticated user calls hg init hg.host.com/dummy/../../../etc
it will create the repository in another root directory if the process of
hgkeeper has permissions for this.
This could be an attack on the server.

Also, the hgkeeper admin repository can be overridden like this:
hg init ssh://hg.host.com/dummy/../hgkeeper/keys
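
The two paths quoted in the description, run through a naive join and through a deny-on-`..` check. This is an added example, not code from hgkeeper or from this review request; the function names, the error value and the `/srv/repos` root are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrInvalidPath is a hypothetical error for requests that must be denied.
var ErrInvalidPath = errors.New("invalid repository path")

// naiveRepoPath shows the unsafe pattern: the client path is joined to the
// root and normalised, so ".." segments silently walk out of the root.
func naiveRepoPath(root, requested string) string {
	return filepath.Join(root, requested)
}

// safeRepoPath denies any request containing a ".." segment, then confirms
// that the joined result is still strictly below root.
func safeRepoPath(root, requested string) (string, error) {
	for _, seg := range strings.Split(filepath.ToSlash(requested), "/") {
		if seg == ".." {
			return "", ErrInvalidPath
		}
	}
	full := filepath.Join(root, requested)
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrInvalidPath
	}
	return full, nil
}

func main() {
	root := "/srv/repos" // constructed root for the example
	paths := []string{"dummy", "dummy/../../../etc", "dummy/../hgkeeper/keys"}
	for _, p := range paths {
		full, err := safeRepoPath(root, p)
		fmt.Printf("%-24s naive=%-26s safe=%q err=%v\n",
			p, naiveRepoPath(root, p), full, err)
	}
}
```

Rejecting the `..` segment outright, rather than normalising it, is what stops `dummy/../hgkeeper/keys`: after cleaning, that path is still inside the root and would pass a containment check alone.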


 
