author | Richard Ipsum <richard.ipsum@codethink.co.uk> | 2014-01-28 17:02:30 +0000 |
---|---|---|
committer | Richard Ipsum <richard.ipsum@codethink.co.uk> | 2014-01-28 17:02:30 +0000 |
commit | 78173705ae416ce8f41cad675ebc915ddd65830c (patch) | |
tree | 4c858c31de89e3197411d8766b4e735ee25520d6 | |
parent | 3e7898f19870a580c416a155564a87daa841d62a (diff) | |
-rwxr-xr-x | cgi/command.cgi | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/cgi/command.cgi b/cgi/command.cgi
index dd1e7fa..d81ef08 100755
--- a/cgi/command.cgi
+++ b/cgi/command.cgi
@@ -36,23 +36,18 @@ function run_command(cmd, parsed_cmdline, user, config, env)
 end
 end
--- we may need to do some kind of input validation on the query string
 local query_string = url_decode(os.getenv("QUERY_STRING"))
-
 local cmdline = query_string
+stream:write('cmdline: ' .. cmdline)
+
 local _, e = string.find(query_string, "cmd=")
 cmdline = string.sub(query_string, e + 1, #query_string)
-stream:write("cmdline: " .. cmdline .. "\n")
-
--- TODO: do not allow fetch, push, pull, clone... anything else?
--- so really not allowing upload-pack or receive-pack here.
---print(os.execute(env))
-
 local user = os.getenv("REMOTE_USER")
-local authorized, cmd, parsed_cmdline, config, env = gitano.auth.is_authorized(user, cmdline)
+local authorized, cmd, parsed_cmdline, config, env =
+ gitano.auth.is_authorized(user, cmdline)
 if authorized then
 run_command(cmd, parsed_cmdline, user, config, env)
|
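Review bot: The context lines `local _, e = string.find(query_string, "cmd=")` and `cmdline = string.sub(query_string, e + 1, #query_string)` still assume every request carries a `cmd=` parameter, and this commit deletes the comments that flagged query-string validation and the upload-pack/receive-pack restriction without adding either check in the hunk. When `cmd=` is absent `e` is nil and `e + 1` raises, and because the string is URL-decoded before it is searched, everything after the first `cmd=` (including any further `&name=value` pairs) is handed to `gitano.auth.is_authorized` as the command line. I would add an `if not e then` guard that returns an error response before the authorization call, and keep the TODO until a command allow-list exists; whether `is_authorized` or `run_command` already rejects those commands is not visible here. The added `stream:write('cmdline: ' .. cmdline)` also runs before the extraction, so it emits the whole decoded query string with no trailing newline, which looks like leftover debug output of untrusted input and would be better removed or sent to a log.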