From mboxrd@z Thu Jan  1 00:00:00 1970
From: cgit at ml.breakpoint.cc (cgit at ml.breakpoint.cc)
Date: Thu, 21 Jun 2012 09:09:46 +0200
Subject: [PATCH 1/3] snapshots: Don't allow sneaked in snapshots requests
Message-ID: <1340262588-24202-1-git-send-email-cgit@ml.breakpoint.cc>

From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>

If the snapshots are not enabled then the frontend won't show a link to it.
The skilled user however may construct the URL on his own and the frontend
will obey the request.
This patch adds a check for this case so the requst won't be served.

Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
 ui-snapshot.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/ui-snapshot.c b/ui-snapshot.c
index 07cc944..5034c19 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -168,6 +168,12 @@ void cgit_print_snapshot(const char *head, const char *hex,
 		return;
 	}
 
+	if (!(f->bit & snapshots)) {
+		show_error(xstrdup(fmt("Snapshot format %s is not enabled.",
+						f->suffix)));
+		return;
+	}
+
 	if (!hex && dwim) {
 		hex = get_ref_from_filename(ctx.repo->url, filename, f);
 		if (hex == NULL) {
-- 
1.7.2.5