file_manager: always deny access to .git folders

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>

moonraker/components/file_manager/file_manager.py

@@ -251,6 +251,8 @@ class FileManager:
         if isinstance(req_path, str):
             req_path = pathlib.Path(req_path)
         req_path = req_path.expanduser().resolve()
+        if ".git" in req_path.parts:
+            return True
         for name, (res_path, can_read) in self.reserved_paths.items():
             if (
                 (res_path == req_path or res_path in req_path.parents) and
@@ -543,18 +545,21 @@ class FileManager:
             path = pathlib.Path(path)
         real_path = path.resolve()
         fstat = path.stat()
-        permissions = "rw"
+        if ".git" in real_path.parts:
-        if (
+            permissions = ""
-            root not in self.full_access_roots or
+        else:
-            (path.is_symlink() and path.is_file())
+            permissions = "rw"
-        ):
+            if (
-            permissions = "r"
+                root not in self.full_access_roots or
-        for name, (res_path, can_read) in self.reserved_paths.items():
+                (path.is_symlink() and path.is_file())
-            if (res_path == real_path or res_path in real_path.parents):
+            ):
-                if not can_read:
-                    permissions = ""
-                    break
                 permissions = "r"
+            for name, (res_path, can_read) in self.reserved_paths.items():
+                if (res_path == real_path or res_path in real_path.parents):
+                    if not can_read:
+                        permissions = ""
+                        break
+                    permissions = "r"
         return {
             'modified': fstat.st_mtime,
             'size': fstat.st_size,