2 /* Validation.class.php - phpgitweb
3 * Copyright (C) 2011-2012 Philipp Kreil (pk910)
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 public static function validate_path($path) {
23 * no '.' or '..' as elements of path, i.e. no '.' nor '..'
24 * at the beginning, at the end, and between slashes.
25 * also this catches doubled slashes
27 if(preg_match('#(^|/)(|\.|\.\.)(/|$)#', $path))
33 if(preg_match('#\0#', $path))
39 public static function validate_hash($hash) {
41 * regular hashes [a-f0-9] are always ok
43 if(preg_match('#^[a-f0-9]{1,40}$#i', $hash))
47 * must be a valid path
49 if(!self::validate_path($hash))
53 * restrictions on ref name according to git-check-ref-format
55 if(preg_match('#(\.|\.\.|[\000-\040\177 ~^:?*\[\]]|/$)#', $hash))