
security: fix path cleanup for repository init and editor (#5207)

Reported by Kacper Szurek https://security.szurek.pl/.
pull/5224/head
Lauris BH 7 years ago committed by 无闻
commit
eccc8109c1
  1. 2
      models/repo.go
  2. 2
      models/wiki.go
  3. 4
      routes/repo/editor.go

2
models/repo.go

@ -854,7 +854,7 @@ type CreateRepoOptions struct {
} }
func getRepoInitFile(tp, name string) ([]byte, error) { func getRepoInitFile(tp, name string) ([]byte, error) {
relPath := path.Join("conf", tp, strings.TrimLeft(name, "./")) relPath := path.Join("conf", tp, strings.TrimLeft(path.Clean("/"+name), "/"))
// Use custom file when available. // Use custom file when available.
customPath := path.Join(setting.CustomPath, relPath) customPath := path.Join(setting.CustomPath, relPath)
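Review bot: The new `path.Clean("/"+name)` on the `relPath` line needs a why-comment, because the leading "/" is the whole point: it makes `path.Clean` resolve every `..` against a root, and the following `TrimLeft` turns the result back into a relative path that stays under `conf/<tp>`, whereas the old `TrimLeft(name, "./")` only stripped a leading prefix. Suggested comment above the line: `// Anchor at "/" so path.Clean collapses any ".." against the root; the TrimLeft then yields a relative path that cannot leave conf/<tp>.` The `tp` argument is joined into `relPath` without the same treatment; whether callers only ever pass fixed strings is not visible in the hunk, so if it can carry request input it should be cleaned the same way. getRepoInitFile's body continues past the hunk.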

2
models/wiki.go

@ -33,7 +33,7 @@ func ToWikiPageURL(name string) string {
// that are not belong to wiki repository. // that are not belong to wiki repository.
func ToWikiPageName(urlString string) string { func ToWikiPageName(urlString string) string {
name, _ := url.QueryUnescape(urlString) name, _ := url.QueryUnescape(urlString)
return strings.Replace(strings.TrimLeft(name, "./"), "/", " ", -1) return strings.Replace(strings.TrimLeft(path.Clean("/"+name), "/"), "/", " ", -1)
} }
// WikiCloneLink returns clone URLs of repository wiki. // WikiCloneLink returns clone URLs of repository wiki.
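Review bot: The `url.QueryUnescape` error on the `name, _ :=` line is still discarded, so with a malformed escape `name` is empty and the function returns "" with no signal to the caller; the hunk changes only the cleaning of `name` and leaves that unaddressed. The blank identifier at least needs a justifying comment, e.g. `// Unescape errors are deliberately ignored; a malformed name becomes "" — TODO confirm callers treat "" as not found.` The "/" prefix before `path.Clean` is also worth a one-line comment so a later reader does not "simplify" it away: `// Anchored at "/" so ".." segments collapse instead of escaping.` ToWikiPageName is fully contained in this hunk.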

4
routes/repo/editor.go

@ -140,7 +140,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
branchName = f.NewBranchName branchName = f.NewBranchName
} }
f.TreePath = strings.Trim(f.TreePath, " /") f.TreePath = strings.Trim(path.Clean("/"+f.TreePath), " /")
treeNames, treePaths := getParentTreeFields(f.TreePath) treeNames, treePaths := getParentTreeFields(f.TreePath)
c.Data["ParentTreePath"] = path.Dir(c.Repo.TreePath) c.Data["ParentTreePath"] = path.Dir(c.Repo.TreePath)
@ -431,7 +431,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
branchName = f.NewBranchName branchName = f.NewBranchName
} }
f.TreePath = strings.Trim(f.TreePath, " /") f.TreePath = strings.Trim(path.Clean("/"+f.TreePath), " /")
treeNames, treePaths := getParentTreeFields(f.TreePath) treeNames, treePaths := getParentTreeFields(f.TreePath)
if len(treeNames) == 0 { if len(treeNames) == 0 {
// We must at least have one element for user to input. // We must at least have one element for user to input.
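Review bot: `strings.Trim(path.Clean("/"+f.TreePath), " /")` in editFilePost trims whitespace after cleaning, so a first segment that begins with a space is not recognised as `..` by `path.Clean`, and the outer `Trim` then strips that space back off, leaving a `..`-prefixed `f.TreePath`; the UploadFilePost hunk below has the same ordering. Trimming before cleaning closes the gap in both places: `f.TreePath = strings.Trim(path.Clean("/"+strings.Trim(f.TreePath, " /")), " /")`. Whether the later tree handling would actually honour such a segment is not visible here (getParentTreeFields and the write to the repository are outside the hunk), so treat this as tightening the normalisation step rather than a confirmed escape. Both editFilePost and UploadFilePost start and end outside their hunks.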
