* lib/viewcvs.py

(download_tarball): Throw a 403 Forbidden area if a tarball request is for a forbidden module. Patch by Olaf Hering <olh@suse.de>. git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1065 8cb11bc2-c004-0410-86c3-e597b4017df7
2005-05-17 05:30:27 +00:00 · 2005-05-17 05:30:27 +00:00 · 27ad9a4f9d
parent 6eeaf2be2b
commit 27ad9a4f9d
1 changed files with 3 additions and 0 deletions
--- a/lib/viewcvs.py
+++ b/lib/viewcvs.py
@ -2825,6 +2825,9 @@ def download_tarball(request):
  rep_top = request.path_parts
  if len(rep_top):
    tar_top = rep_top[-1]
+    if cfg.is_forbidden(tar_top):
+      raise debug.ViewCVSException('Access to "%s" is forbidden.'
+                                  % tar_top, '403 Forbidden')
  else:
    tar_top = request.rootname