averello/git-mirror
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2025-12-12 20:36:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bc/allow-upload-pack-from-other-people'

Browse Source 
Loosen overly strict ownership check introduced in the recent past,
to keep the promise "cloning a suspicious repository is a safe
first step to inspect it".

* bc/allow-upload-pack-from-other-people:
  Allow cloning from repositories owned by another user
This commit is contained in:
Junio C Hamano
2024-12-10 10:04:55 +09:00
parent 9cd1e2e1a0 0ffb5a6bf1
commit 35f40385e4
7 changed files with 49 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
path.c
View File

@@ -684,7 +684,7 @@ return_null:
* links. User relative paths are also returned as they are given,
* except DWIM suffixing.
*/
const char *enter_repo(const char *path, int strict)
const char *enter_repo(const char *path, unsigned flags)
{
static struct strbuf validated_path = STRBUF_INIT;
static struct strbuf used_path = STRBUF_INIT;
@@ -692,7 +692,7 @@ const char *enter_repo(const char *path, int strict)
if (!path)
return NULL;
if (!strict) {
if (!(flags & ENTER_REPO_STRICT)) {
static const char *suffix[] = {
"/.git", "", ".git/.git", ".git", NULL,
};
@@ -736,7 +736,8 @@ const char *enter_repo(const char *path, int strict)
if (!suffix[i])
return NULL;
gitfile = read_gitfile(used_path.buf);
die_upon_dubious_ownership(gitfile, NULL, used_path.buf);
if (!(flags & ENTER_REPO_ANY_OWNER_OK))
die_upon_dubious_ownership(gitfile, NULL, used_path.buf);
if (gitfile) {
strbuf_reset(&used_path);
strbuf_addstr(&used_path, gitfile);
@@ -747,7 +748,8 @@ const char *enter_repo(const char *path, int strict)
}
else {
const char *gitfile = read_gitfile(path);
die_upon_dubious_ownership(gitfile, NULL, path);
if (!(flags & ENTER_REPO_ANY_OWNER_OK))
die_upon_dubious_ownership(gitfile, NULL, path);
if (gitfile)
path = gitfile;
if (chdir(path))