From 215c08e4cb39da535f6e12a62083743d8c53a946 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Wed, 26 Feb 2014 13:54:19 -0400
Subject: avoid damaging git hook scripts

---
 Git/Destroyer.hs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'Git')

diff --git a/Git/Destroyer.hs b/Git/Destroyer.hs
index 57d8ad5..8827976 100644
--- a/Git/Destroyer.hs
+++ b/Git/Destroyer.hs
@@ -139,8 +139,12 @@ applyDamage ds r = do
 								moveFile fb fa
 								moveFile tmp fa
   where
-  	-- A broken .git/config is not recoverable.
-	skipped f = f `elem` [ "config" ]
+ 	-- A broken .git/config is not recoverable.
+	-- Don't damage hook scripts, to avoid running arbitrary code. ;)
+	skipped f = or
+		[ f == "config"
+		, "hooks" `isPrefixOf` f
+		]
 
 withSaneMode :: FilePath -> IO () -> IO ()
 withSaneMode f = withModifiedFileMode f (addModes [ownerWriteMode, ownerReadMode])
-- 
cgit v1.2.3