diff options
| author | Alex Pooley (@zuedev) <zuedev@gmail.com> | 2026-05-07 18:09:36 +0100 |
|---|---|---|
| committer | Alex Pooley (@zuedev) <zuedev@gmail.com> | 2026-05-07 18:09:36 +0100 |
| commit | 23e43bfc60ea4bc7ff1c34dfce54e838c88ba9f3 (patch) | |
| tree | 2adb4ead7955350be39aa883880d52ae9beabbae /usr/local | |
| parent | 56687a86c00d6c14fc4681b99c218e244d4ad94c (diff) | |
| download | git.zue.dev-23e43bfc60ea4bc7ff1c34dfce54e838c88ba9f3.tar git.zue.dev-23e43bfc60ea4bc7ff1c34dfce54e838c88ba9f3.tar.gz git.zue.dev-23e43bfc60ea4bc7ff1c34dfce54e838c88ba9f3.tar.bz2 git.zue.dev-23e43bfc60ea4bc7ff1c34dfce54e838c88ba9f3.tar.xz git.zue.dev-23e43bfc60ea4bc7ff1c34dfce54e838c88ba9f3.zip | |
add comment for path trav
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/bin/git-wrapper | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/usr/local/bin/git-wrapper b/usr/local/bin/git-wrapper index bf0781b..3039d10 100644 --- a/usr/local/bin/git-wrapper +++ b/usr/local/bin/git-wrapper @@ -11,6 +11,7 @@ fi cmd=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d' ' -f1) path=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d"'" -f2) +# Block path traversal attempts if [[ "$path" == *..* ]]; then echo "Invalid path" >&2 exit 1 |