Mercurial > public > src > rhodecode

changeset 323:fc4027fe46bc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fixed bug when user is capable of creating _admin repository which is a link to admin interface
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 29 Jun 2010 12:32:30 +0200
parents 7e4771a0ff43
children 9a70fe918a81
files pylons_app/model/forms.py
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/pylons_app/model/forms.py	Tue Jun 29 12:24:25 2010 +0200
+++ b/pylons_app/model/forms.py	Tue Jun 29 12:32:30 2010 +0200
@@ -138,7 +138,9 @@
             
         def to_python(self, value, state):
             slug = h.repo_name_slug(value)
-            
+            if slug in ['_admin']:
+                raise formencode.Invalid(_('This repository name is disallowed'),
+                                         value, state)
             sa = meta.Session
             if sa.query(Repository).get(slug) and not edit:
                 raise formencode.Invalid(_('This repository already exists'),