SECURITY: Improve theme git import (#12694)

2025-06-04 20:44:40 +08:00 · 2021-04-14 15:32:47 +01:00
parent 0afcf9e12e
commit 9430185493
3 changed files with 19 additions and 1 deletions
--- a/lib/version.rb
+++ b/lib/version.rb
@ -54,6 +54,14 @@ module Discourse
      checkout_version = target
    end

+    return if checkout_version.nil?
+
+    begin
+      Discourse::Utils.execute_command "git", "check-ref-format", "--allow-onelevel", checkout_version
+    rescue RuntimeError
+      raise InvalidVersionListError, "Invalid ref name: #{checkout_version}"
+    end
+
    checkout_version
  end