From ab9dfa8fd681ac558cf988aa2cdb5bd69feea757 Mon Sep 17 00:00:00 2001
From: Jacob Vosmaer
Date: Wed, 6 Apr 2016 19:25:47 +0200
Subject: [PATCH] Clarify intentions
---
 app/controllers/projects/git_http_controller.rb | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb
index 6dd7a683b0e..11e17510cb9 100644
--- a/app/controllers/projects/git_http_controller.rb
+++ b/app/controllers/projects/git_http_controller.rb
@@ -108,11 +108,14 @@ class Projects::GitHttpController < Projects::ApplicationController
 id = params[:project_id]
 return if id.nil?
- if id.end_with?('.wiki.git')
- id.slice(0, id.length - 9)
- elsif id.end_with?('.git')
- id.slice(0, id.length - 4)
+ %w{.wiki.git .git}.each do |suffix|
+ # Be careful to only remove the suffix from the end of 'id'.
+ # Accidentally removing it from the middle is how security
+ # vulnerabilities happen!
+ return id.slice(0, id.length - suffix.length) if id.end_with?(suffix)
 end
+
+ nil
 end
 def repository
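Review bot: The suffix list in `%w{.wiki.git .git}.each` is order-sensitive, and the new comment does not say so. Every id that ends in `.wiki.git` also ends in `.git`, so if the two entries were ever swapped or sorted, a wiki request would have only `.git` stripped and the lookup would presumably run against `<project>.wiki` rather than the project itself. I would extend the comment with `# Order matters: '.wiki.git' must be tried before '.git'.` so a later tidy-up does not silently change which repository path is resolved. The enclosing method starts above the hunk, so how callers treat the returned path (including the empty string that an id of exactly `.git` yields) cannot be checked from here.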