From 4bf3c0e5012b70041f89221e257302a1817cbfcf Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay"
Date: Sat, 19 Apr 2014 06:14:22 -0700
Subject: [PATCH] Project.pm: reserve a few single character project names

Disallow single-character project names 'c', 'h', 'r', and 'w' to prevent unanticipated interactions with the web server paths.
---
 Girocco/Project.pm | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Girocco/Project.pm b/Girocco/Project.pm
index ff7c331..24ba145 100644
--- a/Girocco/Project.pm
+++ b/Girocco/Project.pm
@@ -71,6 +71,15 @@ our %propmapro = (
 lastactivity => 'info/lastactivity',
 );

+# Projects with any of these names will be disallowed to avoid possible
+# collisions with cgi script paths
+our %reservedprojectnames = (
+ c => 1,
+ h => 1,
+ r => 1,
+ w => 1,
+);
+
 sub _update_index {
 system($Girocco::Config::basedir . '/gitweb/genindex.sh');
 }
@@ -765,7 +774,7 @@ sub _valid_name_characters {
 sub valid_name {
 no warnings; # avoid silly 'unsuccessful stat on filename with \n' warning
 local $_ = $_[0];
- _valid_name_characters($_)
+ _valid_name_characters($_) and not exists($reservedprojectnames{$_})
 and ((not m#/#) or -d get_forkee_path($_)); # will also catch ^/
 }

-- 
2.11.4.GIT
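Review bot: The comment above `%reservedprojectnames` does not say where the reserved letters come from, so nothing tells a maintainer who adds another short URL prefix on the web server side to update this list. The commit message says "web server paths" while the comment says "cgi script paths"; one wording should be used and the source of the routes named, for example `# Must list every single-letter URL prefix routed by the web server config; update both together`. Because the hash is declared with `our`, other code can change it at run time. If that is intended as an extension point it is worth saying so in the comment, otherwise a lexical `my` would keep the list fixed.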
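Review bot: The new `exists($reservedprojectnames{$_})` test in `valid_name` looks up the whole name, so a fork name such as `c/foo` is never matched against the reserved list and is accepted whenever `get_forkee_path` points at an existing directory. If a project named `c`, `h`, `r` or `w` was created before this change, forks under it would presumably still validate and still sit under the reserved URL prefix. Checking the leading component covers both cases: `and not exists($reservedprojectnames{(split m#/#, $_)[0]})`. The lookup is also case-sensitive; whether `_valid_name_characters` admits uppercase is not visible in this hunk, so if it does and the web server or filesystem matches case-insensitively, the key should be folded with `lc` as well.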