From 896c533de882d729a6fd8a30e08fd5a9e9eec27d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sat, 18 Jun 2011 09:22:05 -0400
Subject: [PATCH] Map gitservlet from web.xml and configure it from gitblit properties.
---
src/com/gitblit/wicket/pages/EditRepositoryPage.java | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index eb2a8e6..52ed548 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -19,7 +19,6 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -104,6 +103,22 @@
// automatically convert backslashes to forward slashes
repositoryModel.name = repositoryModel.name.replace('\\', '/');
+ // Automatically replace // with /
+ repositoryModel.name = repositoryModel.name.replace("//", "/");
+
+ // prohibit folder paths
+ if (repositoryModel.name.startsWith("/")) {
+ error("Leading root folder references (/) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.startsWith("../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.contains("/../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
// confirm valid characters in repository name
char[] validChars = { '/', '.', '_', '-' };
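Review bot: The new folder-path checks do not reject a name that is exactly `..` or that ends in `/..` (for example `foo/..`), because they test only `startsWith("../")` and `contains("/../")`. Since `.` and `/` are both in `validChars` just below, such a name may pass the later character check too, although that check continues outside the hunk. Testing path segments covers every position with one rule and could replace both `..` checks: `if (Arrays.asList(repositoryModel.name.split("/")).contains("..")) { error("Relative folder references (../) are prohibited."); return; }`. Separately, `replace("//", "/")` is a single pass, so a run of three or more slashes such as `a///b` still leaves `//` in the name; `replaceAll("/+", "/")` collapses any run. The enclosing submit handler starts and ends outside this hunk, so it is worth confirming that no later step re-introduces these forms.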
--
Gitblit v1.9.1