mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-22 10:53:51 +01:00
models/release: filter input to prevent command line argument vulnerability
This commit is contained in:
parent
3df8eb60e3
commit
0a78d99a4d
7 changed files with 11 additions and 128 deletions
|
@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
|
|||
|
||||
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
|
||||
|
||||
##### Current version: 0.9.23
|
||||
##### Current version: 0.9.24
|
||||
|
||||
| Web | UI | Preview |
|
||||
|:-------------:|:-------:|:-------:|
|
||||
|
|
|
@ -23,6 +23,7 @@ Dmitriy Nogay <me AT catwhocode DOT ga>
|
|||
Enrico Testori hypertesto AT gmail DOT com
|
||||
Ezequiel Gonzalez Rial <gonrial AT gmail DOT com>
|
||||
Gregor Santner <gdev AT live DOT de>
|
||||
Halil Kaya <halil AT halilkaya DOT net>
|
||||
Hamid Feizabadi <hamidfzm AT gmail DOT com>
|
||||
Huimin Wang <wanghm2009 AT hotmail DOT co DOT jp>
|
||||
ilko <kontact-mr.k AT outlook DOT com">
|
||||
|
|
2
gogs.go
2
gogs.go
|
@ -17,7 +17,7 @@ import (
|
|||
"github.com/gogits/gogs/modules/setting"
|
||||
)
|
||||
|
||||
const APP_VER = "0.9.23.0426"
|
||||
const APP_VER = "0.9.25.0506"
|
||||
|
||||
func init() {
|
||||
runtime.GOMAXPROCS(runtime.NumCPU())
|
||||
|
|
|
@ -546,9 +546,9 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
|
|||
sess.Desc("created_unix")
|
||||
}
|
||||
|
||||
if opts.Labels != "0" {
|
||||
if len(opts.Labels) > 0 && opts.Labels != "0" {
|
||||
labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
|
||||
if opts.Labels != "" && len(labelIDs) > 0 {
|
||||
if len(labelIDs) > 0 {
|
||||
sess.Join("INNER", "issue_label", "issue.id = issue_label.issue_id").In("label_id", labelIDs)
|
||||
}
|
||||
}
|
||||
|
@ -785,9 +785,9 @@ func GetIssueStats(opts *IssueStatsOptions) *IssueStats {
|
|||
countSession := func(opts *IssueStatsOptions) *xorm.Session {
|
||||
sess := x.Where("issue.repo_id = ?", opts.RepoID).And("is_pull = ?", opts.IsPull)
|
||||
|
||||
if opts.Labels != "0" {
|
||||
if len(opts.Labels) > 0 && opts.Labels != "0" {
|
||||
labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
|
||||
if opts.Labels != "" && len(labelIDs) > 0 {
|
||||
if len(labelIDs) > 0 {
|
||||
sess.Join("INNER", "issue_label", "issue.id = issue_id").In("label_id", labelIDs)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
|
|||
return fmt.Errorf("GetBranchCommit: %v", err)
|
||||
}
|
||||
|
||||
// Trim '--' prefix to prevent command line argument vulnerability
|
||||
rel.TagName = strings.TrimPrefix(rel.TagName, "--")
|
||||
if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -431,126 +431,6 @@
|
|||
"strictImports": 0,
|
||||
"strictMath": 0,
|
||||
"strictUnits": 0
|
||||
},
|
||||
"\/plugins\/dropzone-4.2.0\/dropzone.css": {
|
||||
"fileType": 16,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/dropzone-4.2.0\/dropzone.css",
|
||||
"outputAbbreviatedPath": "No Output Path",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0
|
||||
},
|
||||
"\/plugins\/dropzone-4.2.0\/dropzone.js": {
|
||||
"fileType": 64,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/dropzone-4.2.0\/dropzone.js",
|
||||
"outputAbbreviatedPath": "\/plugins\/dropzone-4.2.0\/min\/dropzone-min.js",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0,
|
||||
"outputStyle": 1,
|
||||
"syntaxCheckerStyle": 1
|
||||
},
|
||||
"\/plugins\/highlight-9.2.0\/default.css": {
|
||||
"fileType": 16,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/highlight-9.2.0\/default.css",
|
||||
"outputAbbreviatedPath": "No Output Path",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0
|
||||
},
|
||||
"\/plugins\/highlight-9.2.0\/github.css": {
|
||||
"fileType": 16,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/highlight-9.2.0\/github.css",
|
||||
"outputAbbreviatedPath": "No Output Path",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0
|
||||
},
|
||||
"\/plugins\/highlight-9.2.0\/highlight.pack.js": {
|
||||
"fileType": 64,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/highlight-9.2.0\/highlight.pack.js",
|
||||
"outputAbbreviatedPath": "\/plugins\/highlight-9.2.0\/min\/highlight.pack-min.js",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0,
|
||||
"outputStyle": 1,
|
||||
"syntaxCheckerStyle": 1
|
||||
},
|
||||
"\/plugins\/jquery.datetimepicker-2.4.5\/jquery.datetimepicker.css": {
|
||||
"fileType": 16,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/jquery.datetimepicker-2.4.5\/jquery.datetimepicker.css",
|
||||
"outputAbbreviatedPath": "No Output Path",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0
|
||||
},
|
||||
"\/plugins\/jquery.datetimepicker-2.4.5\/jquery.datetimepicker.js": {
|
||||
"fileType": 64,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/jquery.datetimepicker-2.4.5\/jquery.datetimepicker.js",
|
||||
"outputAbbreviatedPath": "\/plugins\/jquery.datetimepicker-2.4.5\/min\/jquery.datetimepicker-min.js",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0,
|
||||
"outputStyle": 1,
|
||||
"syntaxCheckerStyle": 1
|
||||
},
|
||||
"\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.css": {
|
||||
"fileType": 16,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.css",
|
||||
"outputAbbreviatedPath": "No Output Path",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0
|
||||
},
|
||||
"\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.min.js": {
|
||||
"fileType": 64,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.min.js",
|
||||
"outputAbbreviatedPath": "\/plugins\/jquery.minicolors-2.2.3\/min\/jquery.minicolors.min-min.js",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0,
|
||||
"outputStyle": 1,
|
||||
"syntaxCheckerStyle": 1
|
||||
},
|
||||
"\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.png": {
|
||||
"fileType": 32768,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"initialSize": 68627,
|
||||
"inputAbbreviatedPath": "\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.png",
|
||||
"outputAbbreviatedPath": "\/plugins\/jquery.minicolors-2.2.3\/jquery.minicolors.png",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0,
|
||||
"processed": 0
|
||||
},
|
||||
"\/plugins\/simplemde-1.10.1\/simplemde.min.css": {
|
||||
"fileType": 16,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/simplemde-1.10.1\/simplemde.min.css",
|
||||
"outputAbbreviatedPath": "No Output Path",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0
|
||||
},
|
||||
"\/plugins\/simplemde-1.10.1\/simplemde.min.js": {
|
||||
"fileType": 64,
|
||||
"ignore": 0,
|
||||
"ignoreWasSetByUser": 0,
|
||||
"inputAbbreviatedPath": "\/plugins\/simplemde-1.10.1\/simplemde.min.js",
|
||||
"outputAbbreviatedPath": "\/plugins\/simplemde-1.10.1\/min\/simplemde.min-min.js",
|
||||
"outputPathIsOutsideProject": 0,
|
||||
"outputPathIsSetByUser": 0,
|
||||
"outputStyle": 1,
|
||||
"syntaxCheckerStyle": 1
|
||||
}
|
||||
},
|
||||
"hooks": [
|
||||
|
@ -1162,7 +1042,7 @@
|
|||
"sassUseLibsass": 0,
|
||||
"shouldRunAutoprefixer": 0,
|
||||
"shouldRunBless": 0,
|
||||
"skippedItemsString": "node_modules, _logs, .hg, _cache, log, logs, cache, \/assets, \/js\/libs, .git, .svn, \/img\/emoji",
|
||||
"skippedItemsString": "node_modules, _logs, .hg, \/plugins, _cache, log, logs, cache, \/assets, \/js\/libs, .git, .svn, \/img\/emoji",
|
||||
"slimAutoOutputPathEnabled": 1,
|
||||
"slimAutoOutputPathFilenamePattern": "*.html",
|
||||
"slimAutoOutputPathRelativePath": "",
|
||||
|
|
|
@ -1 +1 @@
|
|||
0.9.23.0426
|
||||
0.9.25.0506
|
Loading…
Reference in a new issue