From cbb95ad1075a5ee383078305f50f32b675cd3c6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?= <rene.pfeuffer@cloudogu.com>
Date: Thu, 14 Jan 2021 14:22:05 +0100
Subject: [PATCH] Validate type parameter

---
 .../sonia/scm/api/v2/resources/RepositoryImportResource.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java
index e3a2763d85..2a0de41d1a 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryImportResource.java
@@ -245,7 +245,7 @@ public class RepositoryImportResource {
     )
   )
   public Response importFromBundle(@Context UriInfo uriInfo,
-                                   @PathParam("type") String type,
+                                   @Pattern(regexp = "\\w{1,10}") @PathParam("type") String type,
                                    MultipartFormDataInput input,
                                    @QueryParam("compressed") @DefaultValue("false") boolean compressed) {
     RepositoryPermissions.create().check();