X-Git-Url: http://git.pk910.de/?p=phpgitweb.git;a=blobdiff_plain;f=htdocs%2Flib%2FValidation.class.php;fp=htdocs%2Flib%2FValidation.class.php;h=4db14d9caac32c6f8aae0a312cdea90a63c4466f;hp=0000000000000000000000000000000000000000;hb=394a07ff3e283f94c7ead44e8bd02d44c223314b;hpb=ce9f1b8b05ff571f6922460cf91b45aa5a119d94
diff --git a/htdocs/lib/Validation.class.php b/htdocs/lib/Validation.class.php
new file mode 100644
index 0000000..4db14d9
--- /dev/null
+++ b/htdocs/lib/Validation.class.php
@@ -0,0 +1,63 @@
+.
+ */
+
+class Validation {
+
+ public static function validate_path($path) {
+ /* Path validation #1
+ * no '.' or '..' as elements of path, i.e. no '.' nor '..'
+ * at the beginning, at the end, and between slashes.
+ * also this catches doubled slashes
+ */
+ if(preg_match('#(^|/)(|\.|\.\.)(/|$)#', $path))
+ return false;
+
+ /* Path validation #2
+ * no null characters
+ */
+ if(preg_match('#\0#', $path))
+ return false;
+
+ return true;
+ }
+
+ public static function validate_hash($hash) {
+ /* Hash validation #1
+ * regular hashes [a-f0-9] are always ok
+ */
+ if(preg_match('#^[a-f0-9]{1,40}$#i', $hash))
+ return true;
+
+ /* Hash validation #2
+ * must be a valid path
+ */
+ if(!self::validate_path($hash))
+ return false;
+
+ /* Hash validation #3
+ * restrictions on ref name according to git-check-ref-format
+ */
+ if(preg_match('#(\.|\.\.|[\000-\040\177 ~^:?*\[\]]|/$)#', $hash))
+ return false;
+
+ return true;
+ }
+
+}
+
+?>
\ No newline at end of file
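Review bot: In validate_hash the hex fast-path `#^[a-f0-9]{1,40}$#i` anchors with `$`, which in PCRE also matches just before a final newline, so a hex string with a trailing newline returns true before the control-character check in step #3 is reached; anchoring with `\z` instead, `if(preg_match('#^[a-f0-9]{1,40}\z#i', $hash))`, or adding the `D` modifier closes that. Step #3 also accepts a name that begins with `-`, which matters if callers (not visible in this hunk) place the value on a git command line, so adding `^-` to that alternation or always passing `--` before the value would be a sensible guard. Both functions treat any falsy result from preg_match as "no match" and fall through to `return true`, so an error, or presumably a non-string argument on older PHP versions, validates successfully; an `if(!is_string($path)) return false;` guard at the top of each would make them fail closed. Separately, the bare `\.` alternative in step #3 rejects every dot, which makes `\.\.` redundant and would refuse refs such as `v1.0`, stricter than the git-check-ref-format rules the comment cites.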