Browse Source

security: fix vulnerability in changing username

Reported by João Arnaut.
pull/4264/head
Unknwon 8 years ago
parent
commit
e6dbfd918c
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
  1. 2
      gogs.go
  2. 2
      modules/form/user.go
  3. 2
      templates/.VERSION
  4. 2
      templates/user/settings/profile.tmpl

2
gogs.go

@ -16,7 +16,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
const APP_VER = "0.10.7.0306"
const APP_VER = "0.10.8.0307"
func init() {
setting.AppVer = APP_VER

2
modules/form/user.go

@ -90,7 +90,7 @@ func (f *SignIn) Validate(ctx *macaron.Context, errs binding.Errors) binding.Err
// \/ \/ \/ \/ \/
type UpdateProfile struct {
Name string `binding:"OmitEmpty;MaxSize(35)"`
Name string `binding:"Required;AlphaDashDot;MaxSize(35)"`
FullName string `binding:"MaxSize(100)"`
Email string `binding:"Required;Email;MaxSize(254)"`
Website string `binding:"Url;MaxSize(100)"`

2
templates/.VERSION

@ -1 +1 @@
0.10.7.0306
0.10.8.0307

2
templates/user/settings/profile.tmpl

@ -25,7 +25,7 @@
</div>
<div class="required field {{if .Err_Email}}error{{end}}">
<label for="email">{{.i18n.Tr "email"}}</label>
<input id="email" name="email" value="{{.SignedUser.Email}}">
<input id="email" name="email" value="{{.SignedUser.Email}}" required>
</div>
<div class="field {{if .Err_Website}}error{{end}}">
<label for="website">{{.i18n.Tr "settings.website"}}</label>

Loading…
Cancel
Save