summaryrefslogtreecommitdiffstats
path: root/models/release.go
diff options
context:
space:
mode:
authorUnknwon <u@gogs.io>2016-05-06 15:40:41 -0400
committerUnknwon <u@gogs.io>2016-05-06 15:40:41 -0400
commit0a78d99a4db96c5181678acc46ca3dcc0d10c2b2 (patch)
tree36c4c3883437f2153a012519d290d2a055a42397 /models/release.go
parent3df8eb60e3227b4cff671e4714d262603b82943b (diff)
downloadgitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.tar.gz
gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.zip
models/release: filter input to prevent command line argument vulnerability
Diffstat (limited to 'models/release.go')
-rw-r--r--models/release.go2
1 files changed, 2 insertions, 0 deletions
diff --git a/models/release.go b/models/release.go
index 69ce6c139d..026ab8ff5c 100644
--- a/models/release.go
+++ b/models/release.go
@@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
return fmt.Errorf("GetBranchCommit: %v", err)
}
+ // Trim '--' prefix to prevent command line argument vulnerability
+ rel.TagName = strings.TrimPrefix(rel.TagName, "--")
if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
return err
}