diff options
author | zeripath <art27@cantab.net> | 2020-09-29 02:16:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-28 21:16:52 -0400 |
commit | 4c6ac08182b5a14eaaffaafafef160bd90c4ae81 (patch) | |
tree | 500fcc347d4ae741c4e0950beddb199e59ad6d6c /models | |
parent | 5cfc1f573fd986cf141165d52dd18255069f0d06 (diff) | |
download | gitea-4c6ac08182b5a14eaaffaafafef160bd90c4ae81.tar.gz gitea-4c6ac08182b5a14eaaffaafafef160bd90c4ae81.zip |
Completely quote AppPath and CustomConf paths (#12955)
* Completely quote AppPath and CustomConf paths
Properly handle spaces in AppPath and CustomConf within hooks and
authorized_keys. Unfortunately here we don't seem to be able to get away
with using go-shellquote as it appears that Windows doesn't play too
well with singlequote quoting - therefore we will avoid singlequote
quoting unless we absolutely cannot get away without it, e.g. \n or !.
Fix #10813
Signed-off-by: Andrew Thornton <art27@cantab.net>
* missing change
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix Test_CmdKeys
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'models')
-rw-r--r-- | models/ssh_key.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/models/ssh_key.go b/models/ssh_key.go index 753ad57934..b46ff76b94 100644 --- a/models/ssh_key.go +++ b/models/ssh_key.go @@ -38,8 +38,8 @@ import ( const ( tplCommentPrefix = `# gitea public key` - tplCommand = "%s --config=%q serv key-%d" - tplPublicKey = tplCommentPrefix + "\n" + `command=%q,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" + tplCommand = "%s --config=%s serv key-%d" + tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" ) var sshOpLocker sync.Mutex @@ -84,7 +84,7 @@ func (key *PublicKey) OmitEmail() string { // AuthorizedString returns formatted public key string for authorized_keys file. func (key *PublicKey) AuthorizedString() string { - return fmt.Sprintf(tplPublicKey, fmt.Sprintf(tplCommand, setting.AppPath, setting.CustomConf, key.ID), key.Content) + return fmt.Sprintf(tplPublicKey, util.ShellEscape(fmt.Sprintf(tplCommand, util.ShellEscape(setting.AppPath), util.ShellEscape(setting.CustomConf), key.ID)), key.Content) } func extractTypeFromBase64Key(key string) (string, error) { |