SECURITY: Do not link unknown and unverified code repositories to the project without some form of confirmation that one accepts the significant risks involved.

2016-04-04 16:17:50 -07:00
parent 447c59fd9b
commit 01ad485f65
3 changed files with 36 additions and 5 deletions
--- a/util/add_widget_repo
+++ b/util/add_widget_repo
@@ -1,10 +1,21 @@
 #!/bin/bash -f

-if [ $# -ne 2 ]; then
+if [ $# -lt 2 ]; then
 	echo usage: $0 repo_url nickname
 	exit 1
 fi

+if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then
+	echo "";
+	echo "This is NOT an official project repository.";
+	echo "In order to protect you from unverified and";
+	echo "possibly malicious content, this repository";
+	echo "will not be linked to your site unless you";
+	echo "append the word 'insecure' to the command.";
+	echo "";
+	exit 1
+fi
+
 mkdir -p extend/widget/$2
 mkdir widget > /dev/null 2>&1
 git clone $1 extend/widget/$2