From a125cf6876e0edc5a2498df57a9df06d60b1f572 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 02 Jun 2011 22:40:23 -0400
Subject: [PATCH] Unit testing. Start of git-notes display feature.

---
 src/com/gitblit/wicket/pages/EditRepositoryPage.java |   19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index eb2a8e6..e5496a1 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -19,7 +19,6 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -104,6 +103,22 @@
 
 					// automatically convert backslashes to forward slashes
 					repositoryModel.name = repositoryModel.name.replace('\\', '/');
+					// Automatically replace // with /
+					repositoryModel.name = repositoryModel.name.replace("//", "/");
+
+					// prohibit folder paths
+					if (repositoryModel.name.startsWith("/")) {						
+						error("Leading root folder references (/) are prohibited.");
+						return;
+					}
+					if (repositoryModel.name.startsWith("../")) {						
+						error("Relative folder references (../) are prohibited.");
+						return;
+					}
+					if (repositoryModel.name.contains("/../")) {
+						error("Relative folder references (../) are prohibited.");
+						return;
+					}
 
 					// confirm valid characters in repository name
 					char[] validChars = { '/', '.', '_', '-' };
@@ -120,7 +135,7 @@
 							}
 						}
 					}
-
+					
 					// confirm access restriction selection
 					if (repositoryModel.accessRestriction == null) {
 						error("Please select access restriction!");

--
Gitblit v1.9.1