Skip to content

E
edx-platform
Commit 348ee515 by ichuang
Options

improve security (disallow funny chars in git repo and branch names)

parent b3fe8687
Showing with 3 additions and 3 deletions
cms/djangoapps/contentstore/export.py
...@@ -81,11 +81,11 @@ def export_course(request, org, course, name): ...@@ -81,11 +81,11 @@ def export_course(request, org, course, name):
log.debug('action=%s' % action) log.debug('action=%s' % action)
if request.method == 'POST' and action=='Set Git Repository Info': if request.method == 'POST' and action=='Set Git Repository Info':
git_repo = request.POST['git_repo'] git_repo = request.POST['git_repo'].replace(';','_').replace('\n','')
git_branch = request.POST['git_branch'] git_branch = request.POST['git_branch'].replace(';','_').replace('\n','')
exportinfo['git_repo'] = git_repo exportinfo['git_repo'] = git_repo
exportinfo['git_branch'] = git_branch exportinfo['git_branch'] = git_branch
log.debug('set export info') log.debug('set export info (%s, %s)' % (git_repo, git_branch))
m = re.search('/([^/]+)\.git$',git_repo) # get local_dir from git_repo m = re.search('/([^/]+)\.git$',git_repo) # get local_dir from git_repo
if m: if m:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment