source.dussan.org Git - gitea.git/commit
proper signature validation (#13523)
author Cacciuc <43413216+Cacciuc@users.noreply.github.com>
Fri, 13 Nov 2020 18:28:15 +0000 (19:28 +0100)
committer GitHub <noreply@github.com>
Fri, 13 Nov 2020 18:28:15 +0000 (13:28 -0500)
commit a31a6e39968bcbcd3728c436ce22053aeec93291
tree 3e22ce1cd44e64bfe3d828d849930c6127a22a62
parent db16275d9efe59bf54cbe5d26e1614079d00eaaa
proper signature validation (#13523)

$header_signature could be a typed float (start with 0e and then only numbers) and a float does equal a string when comparing with typed juggle.
e.g.: 0e123 != "abc" does return false, but 0e123 !== "abc" returns true.

You previously could circumvent the signature check when providing a header signature in the float format (0e...).

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
docs/content/doc/features/webhooks.en-us.md
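
The comparison behaviour described in the commit message, shown as an added example (not code from this commit or from the Gitea repository). The function names, secret and payload are constructed for illustration, and the `hash_equals` variant is an extra hardening step that goes beyond the `!=` to `!==` change the message describes.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; none of them come from the Gitea docs.

/** Before: `!=` applies type juggling to numeric-looking operands. */
function signature_mismatch_loose($header_signature, $payload_signature): bool
{
    return $header_signature != $payload_signature;
}

/** The operator the commit message names: `!==` compares type and value. */
function signature_mismatch_strict($header_signature, $payload_signature): bool
{
    return $header_signature !== $payload_signature;
}

/** Added hardening (assumption, not part of the commit): type check plus
 *  constant-time comparison of the two hex digests. */
function signature_valid($header_signature, string $payload_signature): bool
{
    if (!is_string($header_signature) || $header_signature === '') {
        return false;
    }
    // hash_equals(known_string, user_string) never converts its arguments.
    return hash_equals($payload_signature, $header_signature);
}

// Constructed sample values.
$secret   = 'constructed-demo-secret';
$payload  = '{"ref":"refs/heads/main"}';
$expected = hash_hmac('sha256', $payload, $secret);

// Two different strings that both parse as floats in exponent notation.
// Because both operands are numeric strings, `!=` compares them as numbers.
$a = '0e123';
$b = '0e456';

var_dump(signature_mismatch_loose($a, $b));   // loose comparison of two distinct strings
var_dump(signature_mismatch_strict($a, $b));  // strict comparison of the same pair
var_dump(signature_valid($a, $b));            // constant-time string comparison
var_dump(signature_valid($expected, $expected));
var_dump(signature_valid(0e123, $expected));  // a non-string header value is rejected outright
```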