From 01ad485f6517caba49b1917818ceaa477e6cc846 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Mon, 4 Apr 2016 16:17:50 -0700
Subject: SECURITY: Do not link unknown and unverified code repositories to the project without some form of confirmation that one accepts the significant risks involved.
---
 util/add_widget_repo | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'util/add_widget_repo')
diff --git a/util/add_widget_repo b/util/add_widget_repo
index 347e8e4e1..e7e316ba4 100755
--- a/util/add_widget_repo
+++ b/util/add_widget_repo
@@ -1,10 +1,21 @@
 #!/bin/bash -f
 
-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
 echo usage: $0 repo_url nickname
 exit 1
 fi
 
+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+ echo "";
+ echo "This is NOT an official project repository.";
+ echo "In order to protect you from unverified and";
+ echo "possibly malicious content, this repository";
+ echo "will not be linked to your site unless you";
+ echo "append the word 'insecure' to the command.";
+ echo "";
+ exit 1
+fi
+
 mkdir -p extend/widget/$2
 mkdir widget > /dev/null 2>&1
 git clone $1 extend/widget/$2
--
cgit v1.2.3
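Review bot: The trust test in the added `if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]` is an unanchored substring match with no trailing slash, so it treats as official any URL that merely contains that text, not just repositories under that GitHub account fetched over https. Such a URL is then cloned by the unchanged `git clone $1 ...` line without the 'insecure' confirmation this commit is meant to require. Anchoring the pattern to the full prefix closes the gap: `if [[ $1 != "https://github.com/redmatrix/"* && $3 != 'insecure' ]]; then`. The usage line still advertises only two arguments even though `-lt 2` now admits a third, so it should read `echo usage: $0 repo_url nickname [insecure]`.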