From 363f24c93695d26f5af584e99093689077b1c7dd Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 3 Feb 2006 23:50:55 -0800 Subject: [PATCH] daemon: do not forbid user relative paths unconditionally under --base-path Using base-path to relocate the server public space does not have anything to do with allowing or forbidding user relative paths. Signed-off-by: Junio C Hamano --- daemon.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/daemon.c b/daemon.c index 532bb0c325..324bb04da2 100644 --- a/daemon.c +++ b/daemon.c @@ -145,13 +145,17 @@ static char *path_ok(char *dir) if (base_path) { static char rpath[PATH_MAX]; - if (*dir != '/') { - /* Forbid possible base-path evasion using ~paths. */ + if (!strict_paths && *dir == '~') + ; /* allow user relative paths */ + else if (*dir != '/') { + /* otherwise allow only absolute */ logerror("'%s': Non-absolute path denied (base-path active)", dir); return NULL; } - snprintf(rpath, PATH_MAX, "%s%s", base_path, dir); - dir = rpath; + else { + snprintf(rpath, PATH_MAX, "%s%s", base_path, dir); + dir = rpath; + } } path = enter_repo(dir, strict_paths);