Replace tool.IsMaliciousPath with pathutil.Clean and move IsSameSite to urlutil (#8106)

Copilot
2026-01-23 21:13:27 -05:00
committed by GitHub
parent a7bc1637db
commit 1cdeef2ce8
9 changed files with 47 additions and 78 deletions


@@ -23,7 +23,6 @@ import (
"gogs.io/gogs/internal/osutil"
"gogs.io/gogs/internal/pathutil"
"gogs.io/gogs/internal/process"
"gogs.io/gogs/internal/tool"
)
// BranchAlreadyExists represents an error when branch already exists.
@@ -415,8 +414,10 @@ func (upload *Upload) LocalPath() string {
// NewUpload creates a new upload object.
func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error) {
if tool.IsMaliciousPath(name) {
return nil, errors.Newf("malicious path detected: %s", name)
// 🚨 SECURITY: Prevent path traversal.
name = pathutil.Clean(name)
if name == "" {
return nil, errors.New("empty file name")
}
upload := &Upload{
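Review bot: In NewUpload a file name that needed cleaning is now accepted silently: `name = pathutil.Clean(name)` rewrites it and only an empty result is an error, whereas the removed `tool.IsMaliciousPath` branch refused the upload. That drops the signal operators had for traversal attempts, and a name made up only of dot segments would presumably surface as "empty file name", which hides the cause. I would keep the submitted value in a separate variable and either record it when it differs from the cleaned one or reject on a difference, e.g. `cleaned := pathutil.Clean(name)` followed by `if cleaned != name { return nil, errors.Newf("invalid file name: %q", name) }`. pathutil.Clean is not shown in this hunk, so it should be confirmed whether its result can still contain interior separators, and the guarantee relied on should be stated in the comment, e.g. `// 🚨 SECURITY: name is client-supplied; after Clean it must be relative with no ".." segments.` The body of NewUpload continues outside the hunk.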