author | zeripath <art27@cantab.net> | 2020-09-29 02:16:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-28 21:16:52 -0400 |
commit | 4c6ac08182b5a14eaaffaafafef160bd90c4ae81 (patch) | |
tree | 500fcc347d4ae741c4e0950beddb199e59ad6d6c /modules/repository/hooks.go | |
parent | 5cfc1f573fd986cf141165d52dd18255069f0d06 (diff) | |
download | gitea-4c6ac08182b5a14eaaffaafafef160bd90c4ae81.tar.gz gitea-4c6ac08182b5a14eaaffaafafef160bd90c4ae81.zip |
Completely quote AppPath and CustomConf paths (#12955)
* Completely quote AppPath and CustomConf paths
Properly handle spaces in AppPath and CustomConf within hooks and
authorized_keys. Unfortunately here we don't seem to be able to get away
with using go-shellquote as it appears that Windows doesn't play too
well with singlequote quoting - therefore we will avoid singlequote
quoting unless we absolutely cannot get away without it, e.g. \n or !.
Fix #10813
Signed-off-by: Andrew Thornton <art27@cantab.net>
* missing change
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix Test_CmdKeys
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/repository/hooks.go')
-rw-r--r-- | modules/repository/hooks.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/repository/hooks.go b/modules/repository/hooks.go
index 2cefd56069..faf9c98f8a 100644
--- a/modules/repository/hooks.go
+++ b/modules/repository/hooks.go
@@ -28,9 +28,9 @@ func getHookTemplates() (hookNames, hookTpls, giteaHookTpls []string) {
 fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
 }
 giteaHookTpls = []string{
- fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
- fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
- fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+ fmt.Sprintf("#!/usr/bin/env %s\n%s hook --config=%s pre-receive\n", setting.ScriptType, util.ShellEscape(setting.AppPath), util.ShellEscape(setting.CustomConf)),
+ fmt.Sprintf("#!/usr/bin/env %s\n%s hook --config=%s update $1 $2 $3\n", setting.ScriptType, util.ShellEscape(setting.AppPath), util.ShellEscape(setting.CustomConf)),
+ fmt.Sprintf("#!/usr/bin/env %s\n%s hook --config=%s post-receive\n", setting.ScriptType, util.ShellEscape(setting.AppPath), util.ShellEscape(setting.CustomConf)),
 }
 return
 } |
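Review bot: The three new `giteaHookTpls` lines drop the literal quotes around `%s`, so the generated pre-receive, update and post-receive scripts are now exactly as safe as `util.ShellEscape`, which is defined outside this hunk and cannot be checked from here. Since the commit message says single-quote quoting is avoided where possible, a table-driven test should confirm that a path containing `$`, a backtick, `"`, `\` or `'` reaches the shell as one literal word, not only a path containing a space. `setting.ScriptType` is still interpolated raw into the shebang line, and the `update` template still passes `$1 $2 $3` unquoted; `\"$1\" \"$2\" \"$3\"` would match the care taken for the paths. As a style point, escaping once before the slice literal (`appPath := util.ShellEscape(setting.AppPath)` and `conf := util.ShellEscape(setting.CustomConf)`) would remove the triple repetition. The body of `getHookTemplates` begins above the hunk, so the delegating templates are only partly visible.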