Add dirname check

commit: 90a6277062c982edc7816cd0d0df22dbd4dafe2f [log] [tgz]
author: Sebb <sebb@apache.org> Mon Jul 20 00:56:14 2020 +0100
committer: Sebb <sebb@apache.org> Mon Jul 20 00:56:14 2020 +0100
tree: ec02269e098bfedc00d33a76f4aa8e3ef71e2f03
parent: 83ac324976415ac1a877b88b15729ab1c6dcac98 [diff]
diff --git a/www/secretary/workbench/views/actions/ccla.json.rb b/www/secretary/workbench/views/actions/ccla.json.rb
index 952fcf0..92e6b51 100644
--- a/www/secretary/workbench/views/actions/ccla.json.rb
+++ b/www/secretary/workbench/views/actions/ccla.json.rb

@@ -69,6 +69,9 @@
       dest = message.write_att(@selected, @signature)
 
       if dest.size > 1 # write to a container directory
+        unless @filename =~ /\A[a-zA-Z][-.\w]+\z/ # previously done by write_svn
+          raise IOError.new("invalid filename: #{@filename}")
+        end
         container = ASF::SVN.svnpath!('cclas', @filename)
         extras << ['mkdir', container]
         dest.each do |name, path|
commit	90a6277062c982edc7816cd0d0df22dbd4dafe2f	[log] [tgz]
author	Sebb <sebb@apache.org>	Mon Jul 20 00:56:14 2020 +0100
committer	Sebb <sebb@apache.org>	Mon Jul 20 00:56:14 2020 +0100
tree	ec02269e098bfedc00d33a76f4aa8e3ef71e2f03
parent	83ac324976415ac1a877b88b15729ab1c6dcac98 [diff]