755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
|
while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; }
zRepo = mprintf("%s%.*s.fossil",g.zRepositoryName,i,zPathInfo);
/* To avoid mischief, make sure the repository basename contains no
** characters other than alphanumerics, "-", and "_".
*/
for(j=strlen(g.zRepositoryName)+1, k=0; k<i-1; j++, k++){
if( !isalnum(zRepo[j]) && zRepo[j]!='-' ) zRepo[j] = '_';
}
if( zRepo[0]=='/' && zRepo[1]=='/' ) zRepo++;
if( file_size(zRepo)<1024 ){
if( zNotFound ){
cgi_redirect(zNotFound);
}else{
|
|
|
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
|
while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; }
zRepo = mprintf("%s%.*s.fossil",g.zRepositoryName,i,zPathInfo);
/* To avoid mischief, make sure the repository basename contains no
** characters other than alphanumerics, "-", and "_".
*/
for(j=strlen(g.zRepositoryName)+1, k=0; k<i-1; j++, k++){
if( !fossil_isalnum(zRepo[j]) && zRepo[j]!='-' ) zRepo[j] = '_';
}
if( zRepo[0]=='/' && zRepo[1]=='/' ) zRepo++;
if( file_size(zRepo)<1024 ){
if( zNotFound ){
cgi_redirect(zNotFound);
}else{
|