- if ( chdir(dir) )
- return -1;
-
- /*
- * Security on the cheap.
- *
- * We want a readable HEAD, usable "objects" directory, and
- * a "git-daemon-export-ok" flag that says that the other side
- * is ok with us doing this.
- */
- if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
- errno = EACCES;
- return -1;
+ if ( ok_paths && *ok_paths ) {
+ char **pp;
+ int pathlen = strlen(path);
+
+ /* The validation is done on the paths after enter_repo
+ * appends optional {.git,.git/.git} and friends, but
+ * it does not use getcwd(). So if your /pub is
+ * a symlink to /mnt/pub, you can whitelist /pub and
+ * do not have to say /mnt/pub.
+ * Do not say /pub/.
+ */
+ for ( pp = ok_paths ; *pp ; pp++ ) {
+ int len = strlen(*pp);
+ if (len <= pathlen &&
+ !memcmp(*pp, path, len) &&
+ (path[len] == '\0' ||
+ (!strict_paths && path[len] == '/')))
+ return path;
+ }