diff options
author | Eric Wong <e@80x24.org> | 2019-01-09 11:43:26 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2019-01-15 21:23:45 +0000 |
commit | 1f4ce0de1cd70b905dc2cd40628785b01060738c (patch) | |
tree | 964fbdf38b8cb4a88fedc10d7432051cd0540509 /lib/PublicInbox/WWW.pm | |
parent | adf443322d8747bbc5b0b1d6e7bf819f70244456 (diff) | |
download | public-inbox-1f4ce0de1cd70b905dc2cd40628785b01060738c.tar.gz |
Actually, it turns out git.git/remote.c::valid_remote_nick rules alone are insufficient. More checking is performed as part of the refname in the git.git/refs.c::check_refname_component I also considered rejecting URL-unfriendly inbox names entirely, but realized some users may intentionally configure names not handled by our WWW endpoint for archives they don't want accessible over HTTP.
Diffstat (limited to 'lib/PublicInbox/WWW.pm')
-rw-r--r-- | lib/PublicInbox/WWW.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index c1c39265..3562e46c 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -19,7 +19,9 @@ use URI::Escape qw(uri_unescape); use PublicInbox::MID qw(mid_escape); require PublicInbox::Git; use PublicInbox::GitHTTPBackend; -our $INBOX_RE = qr!\A/([\w\.\-]+)!; + +# TODO: consider a routing tree now that we have more endpoints: +our $INBOX_RE = qr!\A/([\w\-][\w\.\-]*)!; our $MID_RE = qr!([^/]+)!; our $END_RE = qr!(T/|t/|t\.mbox(?:\.gz)?|t\.atom|raw|)!; our $ATTACH_RE = qr!(\d[\.\d]*)-([[:alnum:]][\w\.-]+[[:alnum:]])!i; |