<?php
/* Validation.class.php - phpgitweb
 * Copyright (C) 2011-2012  Philipp Kreil (pk910)
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>. 
 */

class Validation {
	
	public static function validate_path($path) {
		/* Path validation #1
		* no '.' or '..' as elements of path, i.e. no '.' nor '..'
		* at the beginning, at the end, and between slashes.
		* also this catches doubled slashes
		*/
		if(preg_match('#(^|/)(|\.|\.\.)(/|$)#', $path))
			return false;
		
		/* Path validation #2
		* no null characters
		*/
		if(preg_match('#\0#', $path))
			return false;
		
		return true;
	}
	
	public static function validate_hash($hash) {
		/* Hash validation #1
		* regular hashes [a-f0-9] are always ok
		*/
		if(preg_match('#^[a-f0-9]{1,40}$#i', $hash))
			return true;
		
		/* Hash validation #2
		* must be a valid path
		*/
		if(!self::validate_path($hash))
			return false;
		
		/* Hash validation #3
		* restrictions on ref name according to git-check-ref-format
		*/
		if(preg_match('#(\.|\.\.|[\000-\040\177 ~^:?*\[\]]|/$)#', $hash))
			return false;
		
		return true;
	}
	
}

?>