models/release: filter input to prevent command line argument vulnerability

author: Unknwon <u@gogs.io> 2016-05-06 15:40:41 -0400
committer: Unknwon <u@gogs.io> 2016-05-06 15:40:41 -0400
commit: 0a78d99a4db96c5181678acc46ca3dcc0d10c2b2 (patch)
tree: 36c4c3883437f2153a012519d290d2a055a42397 /models/issue.go
parent: 3df8eb60e3227b4cff671e4714d262603b82943b (diff)
download: gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.tar.gz
gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/models/issue.go b/models/issue.go
index 27df4796a1..f16382ba14 100644
--- a/models/issue.go
+++ b/models/issue.go
@@ -546,9 +546,9 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
 		sess.Desc("created_unix")
 	}
 
-	if opts.Labels != "0" {
+	if len(opts.Labels) > 0 && opts.Labels != "0" {
 		labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
-		if opts.Labels != "" && len(labelIDs) > 0 {
+		if len(labelIDs) > 0 {
 			sess.Join("INNER", "issue_label", "issue.id = issue_label.issue_id").In("label_id", labelIDs)
 		}
 	}
@@ -785,9 +785,9 @@ func GetIssueStats(opts *IssueStatsOptions) *IssueStats {
 	countSession := func(opts *IssueStatsOptions) *xorm.Session {
 		sess := x.Where("issue.repo_id = ?", opts.RepoID).And("is_pull = ?", opts.IsPull)
 
-		if opts.Labels != "0" {
+		if len(opts.Labels) > 0 && opts.Labels != "0" {
 			labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
-			if opts.Labels != "" && len(labelIDs) > 0 {
+			if len(labelIDs) > 0 {
 				sess.Join("INNER", "issue_label", "issue.id = issue_id").In("label_id", labelIDs)
 			}
 		}
author	Unknwon <u@gogs.io>	2016-05-06 15:40:41 -0400
committer	Unknwon <u@gogs.io>	2016-05-06 15:40:41 -0400
commit	0a78d99a4db96c5181678acc46ca3dcc0d10c2b2 (patch)
tree	36c4c3883437f2153a012519d290d2a055a42397 /models/issue.go
parent	3df8eb60e3227b4cff671e4714d262603b82943b (diff)
download	gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.tar.gz gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.zip