--- a/access/repositories.go Wed Apr 12 23:40:09 2023 -0500
+++ b/access/repositories.go Wed Apr 12 23:49:27 2023 -0500
@@ -7,6 +7,17 @@
+func IsInExistingRepo(repo string) bool {
+ for existingRepo := range repositories {
+ if strings.HasPrefix(repo, existingRepo) || strings.HasPrefix(existingRepo, repo) {
 func refreshRepositories() error {
absReposPath, err := filepath.Abs(ReposPath())
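Review bot: The test in `IsInExistingRepo` is a raw string-prefix comparison, so it neither stops on a path-component boundary nor works on a normalized path. An existing repository `foo` makes an unrelated sibling `foobar` look nested. In the other direction, a non-canonical spelling of a nested path shares no prefix with the map key and passes the guard, even though once/command.go then creates the repository at `filepath.Join(reposPath, repoPath)`, which cleans the path. Clean both sides and accept only equality or a prefix that ends on a separator, as sketched below. The key format of `repositories` is not visible here, so confirm the keys are relative to the repos root like the argument; the rest of the function body lies outside this hunk.

```go
// IsInExistingRepo reports whether repo equals, lies inside, or would contain a known repository.
func IsInExistingRepo(repo string) bool {
	repo = filepath.Clean(repo)
	if repo == "." {
		// An empty or root name would contain every repository: refuse it.
		return true
	}
	sep := string(filepath.Separator)
	for existingRepo := range repositories {
		existing := filepath.Clean(existingRepo)
		if repo == existing ||
			strings.HasPrefix(repo, existing+sep) ||
			strings.HasPrefix(existing, repo+sep) {
			// … unchanged: remainder of the loop and the function's return values, not shown in this hunk …
```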
--- a/once/command.go Wed Apr 12 23:40:09 2023 -0500
+++ b/once/command.go Wed Apr 12 23:49:27 2023 -0500
@@ -31,6 +31,10 @@
return fmt.Errorf("access denied")
+ if access.IsInExistingRepo(repoPath) {
+ return fmt.Errorf("repository in repository is forbidden")
 hgcmd := hg.Init(filepath.Join(reposPath, repoPath))
return hgcmd.ExecPiped(repoPath, c.User, os.Stdin, os.Stdout, os.Stderr)
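Review bot: The guard validates one value and the creation uses another. Here `repoPath` is checked as given while `hg.Init` receives `filepath.Join(reposPath, repoPath)`, and in ssh/commands/init.go the check takes `i.repoName` while `hg.Init` takes `i.repoPath`. How those values relate is not visible in these hunks, so state the invariant next to the check, for example `// repoPath is relative to reposPath and already cleaned; it is the same name hg.Init is given below`. Better still, derive the cleaned relative name once and pass that single value to both the nesting check and the init call, so the check cannot drift from what is created on disk.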
--- a/ssh/commands/init.go Wed Apr 12 23:40:09 2023 -0500
+++ b/ssh/commands/init.go Wed Apr 12 23:49:27 2023 -0500
@@ -28,6 +28,10 @@
return fmt.Errorf("access denied")
+ if access.IsInExistingRepo(i.repoName) {
+ return fmt.Errorf("repository in repository is forbidden")
 if err := run(i.repoPath, username, hg.Init(i.repoPath), session); err != nil {