This file documents the revision history for Perl extension Gitalist.
+0.000001
+ - No changes since last dev release.
+
+0.000000_02 UNRELEASED
+ - Fixed history action, other minor cleanups.
+
0.000000_01 UNRELEASED
- Initial release to CPAN
StackTrace
/;
-our $VERSION = '0.000000_01';
+our $VERSION = '0.000001';
$VERSION = eval $VERSION;
__PACKAGE__->config(
$c->stash(Project => $c->model('GitRepos')->project($project));
};
if ($@) {
- $c->detach('error_404');
+ $c->detach('/error_404');
}
}
sub error_404 :Private {
my ($self, $c) = @_;
$c->response->status(404);
- $c->stash(
- title => 'Page not found',
- content => 'Page not found',
- );
+ $c->response->body('Page not found');
}
sub age_string {
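Review bot: The `if ($@)` branch maps every failure of the project lookup to a 404 and then discards `$@`, so a request rejected by the new traversal check leaves no trace and looks the same as a mistyped project name. Log the reason before detaching, for example `$c->log->warn("project lookup failed: $@");` ahead of `$c->detach('/error_404');`. The `eval` that this branch belongs to starts outside the visible lines, so this assumes nothing earlier already logs it. In `error_404` the body is now set directly with no content type, so adding `$c->response->content_type('text/plain');` would keep the response from depending on a default.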
=cut
method project (NonEmptySimpleStr $project) {
- my $path = $self->repo_dir->subdir($project);
+ my $path = $self->repo_dir->subdir($project)->resolve;
+ die "Directory traversal prohibited" unless $self->repo_dir->contains($path);
die "Not a valid Project" unless $self->_is_git_repo($path);
return Project->new( $self->repo_dir->subdir($project) );
}
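Review bot: The `return` at the end of `project` still builds the object from `$self->repo_dir->subdir($project)`, the unresolved path, so what is handed back is not the `$path` that the new `contains` check validated. Pass the checked value instead, `return Project->new($path);`, so the check and the use refer to the same directory. Separately, `$path` is resolved but `repo_dir` is not; if `contains` compares the two lexically (as Path::Class appears to), a `repo_dir` reached through a symlink would make every lookup die. Resolving `repo_dir` once where it is configured would avoid that.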
ok( request($path)->is_success, "$path should succeed");
}
-is request('/summary?p=DoesNotExist')->code, 404,
- '/summary?p=DoesNotExist 404s';
+my $response = request('/summary?p=DoesNotExist');
+is $response->code, 404, 'invalid project 404s';
+like $response->content, qr/Page not found/, 'invalid project handled correctly';
+
+is request('/summary?p=../../../')->code, 404, 'directory traversal failed';
+
{
# URI tests for repo1
local *test = curry_test_uri('repo1');
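Review bot: The new `/summary?p=../../../` assertion checks only for a 404, which the "Not a valid Project" path would presumably also produce if the resolved directory is not a git repository, so the test may pass without the containment check ever running. The same applies to the `dies_ok` block added for `$repo->project('../../../')` in the model test further down the page. Pin the reason there with `throws_ok { $repo->project('../../../') } qr/Directory traversal prohibited/, 'throws exception for directory traversal';` (Test::Exception, which already supplies `dies_ok`). A fixture where a real git repository sits outside the configured repo directory would make the request-level test meaningful as well.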
my $project = $repo->project();
} 'throws exception for no project';
+dies_ok {
+ my $project = $repo->project('../../../');
+} 'throws exception for directory traversal';
+
my $project = $repo->project('repo1');
isa_ok($project, 'Gitalist::Git::Project');