diff options
author | Simon McVittie <smcv@debian.org> | 2017-10-01 13:16:03 +0100 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2017-10-01 13:21:56 +0100 |
commit | 6fb43c29f63b85c3424520819427903e5a204426 (patch) | |
tree | 2270e40151a12555f63d98360654a520aa02c4fd | |
parent | cf7df018ccf5513b79bcfe0b108e348b6da341c1 (diff) | |
download | ikiwiki-6fb43c29f63b85c3424520819427903e5a204426.tar ikiwiki-6fb43c29f63b85c3424520819427903e5a204426.tar.gz |
Pass some git environment variables to the test-receive hook
Since git 2.11, git has stored the proposed push in a "quarantine
area" until it is accepted by the pre-receive hook, and passed
extra environment variables to the pre-receive hook so that it can
read objects from the quarantine area.
This fixes untrusted push on modern git versions.
Signed-off-by: Simon McVittie <smcv@debian.org>
-rw-r--r-- | IkiWiki/Wrapper.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm index d8a387ec1..739ee3173 100644 --- a/IkiWiki/Wrapper.pm +++ b/IkiWiki/Wrapper.pm @@ -52,6 +52,8 @@ sub gen_wrapper () { HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS HTTP_HOST SERVER_PORT HTTPS HTTP_ACCEPT REDIRECT_URL} if $config{cgi}; + push @envsave, qw{GIT_OBJECT_DIRECTORY GIT_QUARANTINE_PATH + GIT_ALTERNATE_OBJECT_DIRECTORIES} if $config{test_receive}; my $envsave=""; foreach my $var (@envsave) { $envsave.=<<"EOF"; |