path: root/src/test/java/com/gitblit/StoredUserConfigTest.java
Commit message | Author | Age | Files | Lines
* fix: Fix StoredUserConfig not escaping control characters | Florian Zschocke | 2022-03-13 | 1 | -0/+149
The `StoredUserConfig` only escaped the escape character, i.e. backslash. But it does not escape control characters like tab or newline. This introduces a vulnerability where an attacker can create new entries in their user account and create new accounts. In addition, other characters are also not properly handled. Field values with a comment character need to be quoted. This only happens for the `#` character and only when the value starts with it. Also the quote is not escaped in values. This change completely rewrites the `escape` method of `StoredUserConfig`. It takes care of properly escaping characters that need escaping for the git configuration file format. This fixes #1410
* fix: Fix StoredUserConfig handling null subsections | Florian Zschocke | 2022-03-13 | 1 | -0/+58
The `StoredUserConfig` did not handle sections without a subsection. When the subsection did not exist, i.e. was `null`, then the subsection name would be set to the string "null". This is not how the config file format works. It should create a `[SECTIONNAME]` entry instead. This fix handles a `null` subsection correctly, by handling it as a section without a subsection.