aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-04-04 16:17:50 -0700
committerredmatrix <git@macgirvin.com>2016-04-04 16:17:50 -0700
commit01ad485f6517caba49b1917818ceaa477e6cc846 (patch)
tree79c954236988e9cdf98dcbfb110eba944e7601fd
parent447c59fd9b6ccac981b274d82f52ce4dd00e8b4a (diff)
downloadvolse-hubzilla-01ad485f6517caba49b1917818ceaa477e6cc846.tar.gz
volse-hubzilla-01ad485f6517caba49b1917818ceaa477e6cc846.tar.bz2
volse-hubzilla-01ad485f6517caba49b1917818ceaa477e6cc846.zip
SECURITY: Do not link unknown and unverified code repositories to the project without some form of confirmation that one accepts the significant risks involved.
-rwxr-xr-xutil/add_addon_repo14
-rwxr-xr-xutil/add_theme_repo14
-rwxr-xr-xutil/add_widget_repo13
3 files changed, 36 insertions, 5 deletions
diff --git a/util/add_addon_repo b/util/add_addon_repo
index decd9e091..a8dd9f49a 100755
--- a/util/add_addon_repo
+++ b/util/add_addon_repo
@@ -1,10 +1,21 @@
#!/bin/bash -f
-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
echo usage: $0 repo_url nickname
exit 1
fi
+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+ echo "";
+ echo "This is NOT an official project repository.";
+ echo "In order to protect you from unverified and";
+ echo "possibly malicious content, this repository";
+ echo "will not be linked to your site unless you";
+ echo "append the word 'insecure' to the command.";
+ echo "";
+ exit 1
+fi
+
mkdir -p extend/addon/$2
mkdir addon > /dev/null 2>&1
git clone $1 extend/addon/$2
@@ -14,7 +25,6 @@ fi
filelist=(`ls extend/addon/$2`)
-
cd addon
for a in "${filelist[@]}" ; do
base=`basename $a`
diff --git a/util/add_theme_repo b/util/add_theme_repo
index d41eba6d9..8280c447b 100755
--- a/util/add_theme_repo
+++ b/util/add_theme_repo
@@ -1,11 +1,21 @@
#!/bin/bash -f
-
-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
echo usage: $0 repo_url nickname
exit 1
fi
+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+ echo "";
+ echo "This is NOT an official project repository.";
+ echo "In order to protect you from unverified and";
+ echo "possibly malicious content, this repository";
+ echo "will not be linked to your site unless you";
+ echo "append the word 'insecure' to the command.";
+ echo "";
+ exit 1
+fi
+
mkdir -p extend/theme/$2
git clone $1 extend/theme/$2
if [ $? -ne 0 ]; then
diff --git a/util/add_widget_repo b/util/add_widget_repo
index 347e8e4e1..e7e316ba4 100755
--- a/util/add_widget_repo
+++ b/util/add_widget_repo
@@ -1,10 +1,21 @@
#!/bin/bash -f
-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
echo usage: $0 repo_url nickname
exit 1
fi
+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+ echo "";
+ echo "This is NOT an official project repository.";
+ echo "In order to protect you from unverified and";
+ echo "possibly malicious content, this repository";
+ echo "will not be linked to your site unless you";
+ echo "append the word 'insecure' to the command.";
+ echo "";
+ exit 1
+fi
+
mkdir -p extend/widget/$2
mkdir widget > /dev/null 2>&1
git clone $1 extend/widget/$2