From cc34ae34b753ebaa13519500fc029e4c43fa025f Mon Sep 17 00:00:00 2001
From: heqnx <root@heqnx.com>
Date: Fri, 16 May 2025 02:33:53 +0300
Subject: updated with validations

---
 git-shell-commands/create-mirror | 12 +++++++++++-
 git-shell-commands/create-repo   | 10 +++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)

(limited to 'git-shell-commands')

diff --git a/git-shell-commands/create-mirror b/git-shell-commands/create-mirror
index 8d2129c..2b1b1dc 100755
--- a/git-shell-commands/create-mirror
+++ b/git-shell-commands/create-mirror
@@ -8,14 +8,24 @@ if test "${#}" -ne 1; then
 fi
 
 REPO="${1}"
+if ! [[ "${REPO}" =~ ^https://[a-zA-Z0-9.-]+/[a-zA-Z0-9_/.-]+$ ]]; then
+    printf "%s\n" "[err] invalid repository URL"
+    exit 1
+fi
+
 REPO_NAME=$(basename "${REPO}")
-REPO_DIR="/srv/git/repos/${REPO_NAME}.git"
+if ! [[ "${REPO_NAME}" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+    printf "%s\n" "[err] repository name can only contain letters, numbers, underscores, and hyphens"
+    exit 1
+fi
 
+REPO_DIR="/srv/git/repos/${REPO_NAME}.git"
 if test -d "${REPO_DIR}"; then
     printf "%s\n" "[err] repository ${REPO_NAME}.git already exists at ${REPO_DIR}"
     exit 1
 fi
 
+
 TMP_DIR=$(mktemp -d -p /tmp)
 trap 'rm -rf "$TMP_DIR"' EXIT
 
diff --git a/git-shell-commands/create-repo b/git-shell-commands/create-repo
index b5c6262..3a85514 100755
--- a/git-shell-commands/create-repo
+++ b/git-shell-commands/create-repo
@@ -8,14 +8,18 @@ if test "${#}" -lt 1 || test "${#}" -gt 2; then
 fi
 
 REPO_NAME="${1}"
-REPO_SECTION="${2:-uncategorized}"
-REPO_DIR="/srv/git/repos/${REPO_NAME}.git"
-
 if ! [[ "${REPO_NAME}" =~ ^[a-zA-Z0-9_-]+$ ]]; then
     printf "%s\n" "[err] repository name can only contain letters, numbers, underscores, and hyphens"
     exit 1
 fi
 
+REPO_SECTION="${2:-uncategorized}"
+if ! [[ "${REPO_SECTION}" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+    printf "%s\n" "[err] section can only contain letters, numbers, underscores, and hyphens"
+    exit 1
+fi
+
+REPO_DIR="/srv/git/repos/${REPO_NAME}.git"
 if test -d "${REPO_DIR}"; then
     printf "%s\n" "[err] repository ${REPO_NAME}.git already exists at ${REPO_DIR}"
     exit 1
-- 
cgit v1.2.3