From mboxrd@z Thu Jan  1 00:00:00 1970
From: sebastian at breakpoint.cc (Sebastian Andrzej Siewior)
Date: Sat, 18 Jan 2014 21:24:57 +0100
Subject: [PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests
In-Reply-To: <1390076700-16626-1-git-send-email-sebastian@breakpoint.cc>
References: <1390076700-16626-1-git-send-email-sebastian@breakpoint.cc>
Message-ID: <1390076700-16626-2-git-send-email-sebastian@breakpoint.cc>

If the snapshots are not enabled then the frontend won't show a link to it.
The skilled user however may construct the URL on his own and the frontend
will obey the request.
This patch adds a check for this case so the requst won't be served.

Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
 ui-snapshot.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ui-snapshot.c b/ui-snapshot.c
index 582dc31..b278ddf 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -209,6 +209,12 @@ void cgit_print_snapshot(const char *head, const char *hex,
 		return;
 	}
 
+	if (!(f->bit & snapshots)) {
+		show_error(xstrdup(fmt("Snapshot format %s is not enabled.",
+						f->suffix)));
+		return;
+	}
+
 	if (!hex && dwim) {
 		hex = get_ref_from_filename(ctx.repo->url, filename, f);
 		if (hex == NULL) {
-- 
1.8.5.2