git-commit: add a check for FILEPATH
authorDenis Ovsienko <denis@ovsienko.info>
Sun, 13 Jan 2019 20:32:02 +0000 (20:32 +0000)
committerDenis Ovsienko <denis@ovsienko.info>
Sun, 13 Jan 2019 20:46:33 +0000 (20:46 +0000)
Test that the file is not outside of the repository directory. While at
it, move the non-empty check into git_commit_or_exit() as it actually
belongs there.

[skip ci]

gateways/git-commit

index 6da68e3..be3786b 100755 (executable)
@@ -119,6 +119,12 @@ git_push_or_exit()
 
 git_commit_or_exit()
 {
+       assert_nonempty_option -f "$FILEPATH"
+       REALPATH=`realpath --canonicalize-missing --relative-to="$REPODIR" "$FILEPATH"`
+       if [ "$REALPATH" != "${REALPATH#../}" ]; then
+               echo "$THISFILE: file path '$FILEPATH' is outside of the repository directory '$REPODIR'" >&2
+               exit 12
+       fi
        # git processes the path to the file automatically, but the shell
        # redirection obviously does not.
        DIRNAME=`dirname "$FILEPATH"`
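Review bot: The new containment check in git_commit_or_exit() fails open when `realpath` itself fails: with a missing binary or a non-GNU `realpath` that lacks `--relative-to`/`--canonicalize-missing`, REALPATH ends up empty, `"$REALPATH" != "${REALPATH#../}"` is false, and the function carries on as if the path were inside the repository. A result of exactly `..` (FILEPATH resolving to the parent of REPODIR) has no `../` prefix either and also passes. I would make the test `if [ -z "$REALPATH" ] || [ "$REALPATH" = .. ] || [ "$REALPATH" != "${REALPATH#../}" ]; then`, and put `--` before `"$FILEPATH"` in the realpath call so a value beginning with `-` is not parsed as an option. The lines after the check still use `$FILEPATH` rather than the canonical form, and a relative FILEPATH is resolved against the current directory, so the check presumably relies on the script having changed into `$REPODIR` earlier; that is not visible in this hunk, and the function body continues past it.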
@@ -279,14 +285,12 @@ pull)
        git_pull_or_exit
        ;;
 commit)
-       assert_nonempty_option -f "$FILEPATH"
        git_commit_or_exit
        ;;
 push)
        git_push_or_exit
        ;;
 full)
-       assert_nonempty_option -f "$FILEPATH"
        git_pull_or_exit
        git_commit_or_exit and_push
        ;;