diff options
author | Unknwon <u@gogs.io> | 2016-05-06 15:40:41 -0400 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2016-05-06 15:40:41 -0400 |
commit | 0a78d99a4db96c5181678acc46ca3dcc0d10c2b2 (patch) | |
tree | 36c4c3883437f2153a012519d290d2a055a42397 /models/release.go | |
parent | 3df8eb60e3227b4cff671e4714d262603b82943b (diff) | |
download | gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.tar.gz gitea-0a78d99a4db96c5181678acc46ca3dcc0d10c2b2.zip |
models/release: filter input to prevent command line argument vulnerability
Diffstat (limited to 'models/release.go')
-rw-r--r-- | models/release.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/models/release.go b/models/release.go index 69ce6c139d..026ab8ff5c 100644 --- a/models/release.go +++ b/models/release.go @@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error { return fmt.Errorf("GetBranchCommit: %v", err) } + // Trim '--' prefix to prevent command line argument vulnerability + rel.TagName = strings.TrimPrefix(rel.TagName, "--") if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil { return err } |