grim/hgkeeper

Deny invalid path

13 months ago, aklitzing
5a19892df841
Deny invalid path

If an authenticated user calls `hg init hg.host.com/dummy/../../../etc`
it will create the repository in another root directory if the process of
hgkeeper has permissions for this.
This could be an attack to the server.

Also hgkeeper admin repository can be overriden like this.
`hg init ssh://hg.host.com/dummy/../hgkeeper/keys`

Reviewed at https://reviews.imfreedom.org/r/2422/
site_name: HGKeeper
site_url: https://docs.imfreedom.org/hgkeeper/
copyright: Copyright &copy; 2019-2022 <a href="https://reaperworld.com/">Gary Kramlich</a>
repo_url: https://keep.imfreedom.org/grim/hgkeeper
repo_name: Source Code
nav:
- About: index.md
- User Guide:
- SSH Access: sshaccess.md
- Access Control: accesscontrol.md
- Command Reference: commandreference.md
- Running:
- 'Run Modes': runmodes.md
- 'On Demand': ondemand.md
- 'Standalone Container': standalonecontainer.md
- 'Reverse Proxy': reverseproxy.md
- Issues: 'https://issues.imfreedom.org/issues/HGKEEPER?u=1'
plugins:
- include-markdown
- search
theme:
name: readthedocs