From 9effe1630d97039b3e01cd9b58ed07e75be1d63c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 25 Feb 2013 08:40:30 -0500
Subject: [PATCH] Merge pull request #75 from thefake/master

---
 src/com/gitblit/GitFilter.java |   35 +++++++++++++++++++++++++++++------
 1 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index c09b0d2..a0d395b 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -124,6 +124,11 @@
 		return true;
 	}
 
+	@Override
+	protected boolean requiresClientCertificate() {
+		return GitBlit.getBoolean(Keys.git.requiresClientCertificate, false);
+	}
+
 	/**
 	 * Determine if the repository requires authentication.
 	 * 
@@ -195,11 +200,29 @@
 	protected RepositoryModel createRepository(UserModel user, String repository, String action) {
 		boolean isPush = !StringUtils.isEmpty(action) && gitReceivePack.equals(action);
 		if (isPush) {
-			if (user.canCreateOnPush(repository)) {
+			if (user.canCreate(repository)) {
 				// user is pushing to a new repository
+				// validate name
+				if (repository.startsWith("../")) {
+					logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));
+					return null;
+				}
+				if (repository.contains("/../")) {
+					logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));
+					return null;
+				}					
+
+				// confirm valid characters in repository name
+				Character c = StringUtils.findInvalidCharacter(repository);
+				if (c != null) {
+					logger.error(MessageFormat.format("Invalid character '{0}' in repository name {1}!", c, repository));
+					return null;
+				}
+
+				// create repository
 				RepositoryModel model = new RepositoryModel();
 				model.name = repository;
-				model.owner = user.username;
+				model.addOwner(user.username);
 				model.projectPath = StringUtils.getFirstPathElement(repository);
 				if (model.isUsersPersonalRepository(user.username)) {
 					// personal repository, default to private for user
@@ -213,11 +236,11 @@
 
 				// create the repository
 				try {
-					GitBlit.self().updateRepositoryModel(repository, model, true);
-					logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, repository));
-					return GitBlit.self().getRepositoryModel(repository);
+					GitBlit.self().updateRepositoryModel(model.name, model, true);
+					logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, model.name));
+					return GitBlit.self().getRepositoryModel(model.name);
 				} catch (GitBlitException e) {
-					logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, repository), e);
+					logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, model.name), e);
 				}
 			} else {
 				logger.warn(MessageFormat.format("{0} is not permitted to create repository {1} ON-PUSH!", user.username, repository));

--
Gitblit v1.9.1