SECURITY: Do not link unknown and unverified code repositories to the project without some form of confirmation that one accepts the significant risks involved.

1 files changed, 12 insertions, 2 deletions

diff --git a/util/add_addon_repo b/util/add_addon_repo
index decd9e091..a8dd9f49a 100755
--- a/util/add_addon_repo
+++ b/util/add_addon_repo
@@ -1,10 +1,21 @@
 #!/bin/bash -f
 
-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
 	echo usage: $0 repo_url nickname
 	exit 1
 fi
 
+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+	echo "";
+	echo "This is NOT an official project repository.";
+	echo "In order to protect you from unverified and";
+	echo "possibly malicious content, this repository";
+	echo "will not be linked to your site unless you";
+	echo "append the word 'insecure' to the command.";
+	echo "";
+	exit 1
+fi
+
 mkdir -p extend/addon/$2
 mkdir addon > /dev/null 2>&1
 git clone $1 extend/addon/$2
@@ -14,7 +25,6 @@ fi
 
 filelist=(`ls extend/addon/$2`)
 
-
 cd addon
 for a in "${filelist[@]}" ; do
 	base=`basename $a`