From 4eaebed43bfe91ccd315e331a76b01c987ca383b Mon Sep 17 00:00:00 2001
From: Klaus Silveira
Date: Fri, 29 Mar 2013 00:26:16 -0300
Subject: [PATCH] Proper branch name validation, fixes #272
---
 src/GitList/Controller/TreeController.php | 6 +++---
 src/GitList/Util/Routing.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/GitList/Controller/TreeController.php b/src/GitList/Controller/TreeController.php
index f807145..f14ebf2 100644
--- a/src/GitList/Controller/TreeController.php
+++ b/src/GitList/Controller/TreeController.php
@@ -68,13 +68,13 @@ class TreeController implements ControllerProviderInterface
 'tags' => $repository->getTags(),
 ));
 })->assert('repo', $app['util.routing']->getRepositoryRegex())
- ->assert('branch', '[\w-._\/]+')
+ ->assert('branch', $app['util.routing']->getBranchRegex())
 ->bind('search');
 $route->get('{repo}/{branch}/', function ($repo, $branch) use ($app, $treeController) {
 return $treeController($repo, $branch);
 })->assert('repo', $app['util.routing']->getRepositoryRegex())
- ->assert('branch', '[\w-._\/]+')
+ ->assert('branch', $app['util.routing']->getBranchRegex())
 ->bind('branch');
 $route->get('{repo}/', function ($repo) use ($app, $treeController) {
@@ -111,7 +111,7 @@ class TreeController implements ControllerProviderInterface
 ));
 })->assert('format', '(zip|tar)')
 ->assert('repo', $app['util.routing']->getRepositoryRegex())
- ->assert('branch', '[\w-._\/]+')
+ ->assert('branch', $app['util.routing']->getBranchRegex())
 ->bind('archive');
 return $route;
diff --git a/src/GitList/Util/Routing.php b/src/GitList/Util/Routing.php
index caeda25..a1e33f5 100644
--- a/src/GitList/Util/Routing.php
+++ b/src/GitList/Util/Routing.php
@@ -85,7 +85,7 @@ class Routing
 static $branchRegex = null;
 if ($branchRegex === null) {
- $branchRegex = '[\w-._\/]+';
+ $branchRegex = '(?!/|.*([/.]\.|//|@\{|\\\\))[^\040\177 ~^:?*\[]+(?
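Review bot: The `branch` requirement on the `search` and `branch` routes in the first TreeController.php hunk, and on the `archive` route in the second, now comes from `getBranchRegex()`, and the visible part of that pattern in Routing.php is a denylist: its class `[^\040\177 ~^:?*\[]` lets through quotes, `;`, `|`, `$` and backticks, which the old allowlist `[\w-._\/]+` rejected. The pattern is cut off on this page, so its tail may narrow this, but as shown the route assertion can no longer be treated as the sanitising step for `$branch`. The route closures and `$treeController` lie outside these hunks; wherever they hand `$branch` to git it should go through `escapeshellarg($branch)` or an argument array, and a comment at each call site such as `// ref-name syntax check only; not shell-safe, escape before building git commands` would record that. A routing test asserting that a branch name containing `;` or a backtick never reaches a command unescaped would keep the wider pattern from regressing silently.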