miscbaserock/richardipsum/cgis

1 files changed, 4 insertions, 9 deletions

diff --git a/cgi/command.cgi b/cgi/command.cgi
index dd1e7fa..d81ef08 100755
--- a/cgi/command.cgi
+++ b/cgi/command.cgi
@@ -36,23 +36,18 @@ function run_command(cmd, parsed_cmdline, user, config, env)
    end
 end
 
--- we may need to do some kind of input validation on the query string
 local query_string = url_decode(os.getenv("QUERY_STRING"))
-
 local cmdline = query_string
 
+stream:write('cmdline: ' .. cmdline)
+
 local _, e = string.find(query_string, "cmd=")
 cmdline = string.sub(query_string, e + 1, #query_string)
 
-stream:write("cmdline: " .. cmdline .. "\n")
-
--- TODO: do not allow fetch, push, pull, clone... anything else?
--- so really not allowing upload-pack or receive-pack here.
---print(os.execute(env))
-
 local user = os.getenv("REMOTE_USER")
 
-local authorized, cmd, parsed_cmdline, config, env = gitano.auth.is_authorized(user, cmdline)
+local authorized, cmd, parsed_cmdline, config, env =
+   gitano.auth.is_authorized(user, cmdline)
 
 if authorized then
    run_command(cmd, parsed_cmdline, user, config, env)