Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Updated to ensure that no non-default SSH command is used for a pull |
---|---|
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
f79eaca9ca2589afa490fe8571af1867 |
User & Date: | rkeene 2016-11-22 18:22:28.680 |
Context
2016-11-22
| ||
19:29 | Updated to log queries that fail and why they fail check-in: e1a97c62e1 user: rkeene tags: trunk | |
18:22 | Updated to ensure that no non-default SSH command is used for a pull check-in: f79eaca9ca user: rkeene tags: trunk | |
2016-10-03
| ||
16:56 | Ensure username is properly sanitized check-in: ec1cc1e2e0 user: rkeene tags: trunk | |
Changes
Changes to nano/fossil.php.
︙ | ︙ | |||
268 269 270 271 272 273 274 275 276 277 278 279 280 281 | if (file_exists($url) || preg_match('/:\/\//', $url) == 0) { $outputstr = "Invalid URL"; return false; } } if (file_exists("{$this->path}{$repo}.fossil")) { if ($url == '') { exec($this->getFossilCommand(3600) . " pull -R " . escapeshellarg("{$this->path}{$repo}.fossil") . " 2>&1", $output, $return); } else { exec($this->getFossilCommand(3600) . " pull " . escapeshellarg($url) . " -R " . escapeshellarg("{$this->path}{$repo}.fossil") . " 2>&1", $output, $return); } | > > > > > > > | 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 | if (file_exists($url) || preg_match('/:\/\//', $url) == 0) { $outputstr = "Invalid URL"; return false; } } if (file_exists("{$this->path}{$repo}.fossil")) { # Ensure that no non-default SSH command can be used for a pull exec("timeout 3600 /usr/local/bin/fossil unset ssh-command -R " . escapeshellarg("{$this->path}{$repo}.fossil") . " 2>&1", $output, $return); if ($return !== 0) { return false; } if ($url == '') { exec($this->getFossilCommand(3600) . " pull -R " . escapeshellarg("{$this->path}{$repo}.fossil") . " 2>&1", $output, $return); } else { exec($this->getFossilCommand(3600) . " pull " . escapeshellarg($url) . " -R " . escapeshellarg("{$this->path}{$repo}.fossil") . " 2>&1", $output, $return); } |
︙ | ︙ |