Clean Path in Options (#23006) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	JakobDev <jakobdev@gmx.de>	2023-03-08 08:07:58 +0100
committer	GitHub <noreply@github.com>	2023-03-08 15:07:58 +0800
commit	a12f5757372f751d25f9e5ca1f168f6920ded894 (patch)
tree	860e5e46a1776f4c5b88879cef75f51b6ebfc775 /modules/repository/init.go
parent	7e3b7c23463bf71c4e2ab93f184a675f1e30df0e (diff)
download	gitea-a12f5757372f751d25f9e5ca1f168f6920ded894.tar.gz gitea-a12f5757372f751d25f9e5ca1f168f6920ded894.zip

Clean Path in Options (#23006)

At the Moment it is possible to read files in another Directory as supposed using the Options functions. e.g. `options.Gitignore("../label/Default) `. This was discovered while working on #22783, which exposes `options.Gitignore()` through the public API. At the moment, this is not a security problem, as this function is only used internal, but I thought it would be a good idea to make a PR to fix this for all types of Options files, not only Gitignore, to make it safe for the further. This PR should be merged before the linked PR. --------- Co-authored-by: Jason Song <i@wolfogre.com>

Diffstat (limited to 'modules/repository/init.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: