* lib/viewcvs.py
(download_tarball): Throw a 403 Forbidden area if a tarball request is for a forbidden module. Patch by Olaf Hering <olh@suse.de>. git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1065 8cb11bc2-c004-0410-86c3-e597b4017df7remotes/tags/1.0.0-rc1
parent
6eeaf2be2b
commit
27ad9a4f9d
|
@ -2825,6 +2825,9 @@ def download_tarball(request):
|
|||
rep_top = request.path_parts
|
||||
if len(rep_top):
|
||||
tar_top = rep_top[-1]
|
||||
if cfg.is_forbidden(tar_top):
|
||||
raise debug.ViewCVSException('Access to "%s" is forbidden.'
|
||||
% tar_top, '403 Forbidden')
|
||||
else:
|
||||
tar_top = request.rootname
|
||||
|
||||
|
|
Loading…
Reference in New Issue