61f0bd54d0
AdvertiseRefsHook is used to limit the visibility of the refs in Gerrit. If this hook is not called, then all refs are treated as visible, causing the server to serve commits reachable from branches the client should not be able to access, if asked to via a request naming a guessed object id. This bug was introduced in v2.0.0.201206130900-r~123 (Modify refs in UploadPack/ReceivePack using a hook interface, 2012-02-08). Stateful bidirectional transports are not affected. Fix it by moving the AdvertiseRefsHook call to getAdvertisedOrDefaultRefs, ensuring the hook is called in all cases. [jn: backported to stable-4.5 by splitting out tests and the protocol v2 specific parts] Change-Id: I159f396216354f2eda3968d17802e166d8c8ec2d Signed-off-by: Masaya Suzuki <masayasuzuki@google.com> Signed-off-by: Jonathan Nieder <jrn@google.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
||
|---|---|---|
| .. | ||
| .settings | ||
| META-INF | ||
| findBugs | ||
| resources/org/eclipse/jgit | ||
| src/org/eclipse/jgit | ||
| .classpath | ||
| .fbprefs | ||
| .gitignore | ||
| .project | ||
| BUCK | ||
| about.html | ||
| build.properties | ||
| plugin.properties | ||
| pom.xml | ||