proper signature validation (#13523) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	Cacciuc <43413216+Cacciuc@users.noreply.github.com>	2020-11-13 19:28:15 +0100
committer	GitHub <noreply@github.com>	2020-11-13 13:28:15 -0500
commit	a31a6e39968bcbcd3728c436ce22053aeec93291 (patch)
tree	3e22ce1cd44e64bfe3d828d849930c6127a22a62 /web_src/js
parent	db16275d9efe59bf54cbe5d26e1614079d00eaaa (diff)
download	gitea-a31a6e39968bcbcd3728c436ce22053aeec93291.tar.gz gitea-a31a6e39968bcbcd3728c436ce22053aeec93291.zip

proper signature validation (#13523)

$header_signature could be a typed float (start with 0e and then only numbers) and a float does equal a string when comparing with typed juggle. eg: 0e123 != "abc" does return false, but 0e123 !== "abc" returns true. you previously could circumvent the signature check when providing a header signature in the float format (0e...) Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Diffstat (limited to 'web_src/js')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: