From 8a769ecedb1f0748e82d792622b07219a5ac921d Mon Sep 17 00:00:00 2001
From: Drew DeVault <sir@cmpwn.com>
Date: Sat, 12 Jun 2021 11:41:30 -0400
Subject: [PATCH] Prohibit repos named . or ..

---
 api/graph/schema.resolvers.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/graph/schema.resolvers.go b/api/graph/schema.resolvers.go
index f0f24be..50cb183 100644
--- a/api/graph/schema.resolvers.go
+++ b/api/graph/schema.resolvers.go
@@ -72,6 +72,9 @@ func (r *mutationResolver) CreateRepository(ctx context.Context, name string, vi
 		return nil, fmt.Errorf("Invalid repository name '%s' (must match %s)",
 			name, repoNameRE.String())
 	}
+	if name == "." || name == ".." {
+		return nil, fmt.Errorf("Invalid repository name '%s' (must not be . or ..)", name))
+	}
 
 	conf := config.ForContext(ctx)
 	repoStore, ok := conf.Get("git.sr.ht", "repos")
-- 
2.38.4