From 01ad485f6517caba49b1917818ceaa477e6cc846 Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Mon, 4 Apr 2016 16:17:50 -0700
Subject: SECURITY: Do not link unknown and unverified code repositories to the
 project without some form of confirmation that one accepts the significant
 risks involved.

---
 util/add_widget_repo | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'util/add_widget_repo')

diff --git a/util/add_widget_repo b/util/add_widget_repo
index 347e8e4e1..e7e316ba4 100755
--- a/util/add_widget_repo
+++ b/util/add_widget_repo
@@ -1,10 +1,21 @@
 #!/bin/bash -f
 
-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
 	echo usage: $0 repo_url nickname
 	exit 1
 fi
 
+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+	echo "";
+	echo "This is NOT an official project repository.";
+	echo "In order to protect you from unverified and";
+	echo "possibly malicious content, this repository";
+	echo "will not be linked to your site unless you";
+	echo "append the word 'insecure' to the command.";
+	echo "";
+	exit 1
+fi
+
 mkdir -p extend/widget/$2
 mkdir widget > /dev/null 2>&1
 git clone $1 extend/widget/$2
-- 
cgit v1.2.3