I just had a conflict while merging upstream with #1, and in fixing it I was able to shave off some code. But I did it by adding this:

https://github.com/neuropoly/gitea/blob/5e37296766b050f5d2b39732d4f43dd3cbe506ed/cmd/serv.go#L347

over this:

This is because git-annex-shell takes a variable number of arguments, whereas all other remote git commands take just 1 (repoPath) ( except git-lfs-authenticate which takes 2, but that has a separate special case that doesn't need gitcmd.Run()).

So doing this has weakened the security: it now means a malicious user could try to run, git-receive-pack some/repo.git ../../ 'shellinjectionattempt. git should be smart enough to just die on that situation, but what if it doesn't?

We should add some careful bounds-checking to re-enable the previous guarantee.