From 1f11c1f71a314a85ab09b75f10a527a351020144 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Wed, 19 Dec 2018 23:09:32 -0500
Subject: [PATCH] models/repo_editor: ignore copying files with '.git/' path
 prefix (#5558)

---
 models/repo_editor.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/models/repo_editor.go b/models/repo_editor.go
index a302a8de1..33887f934 100644
--- a/models/repo_editor.go
+++ b/models/repo_editor.go
@@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"path"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/Unknwon/com"
@@ -467,14 +468,19 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
 	dirPath := path.Join(localPath, opts.TreePath)
 	os.MkdirAll(dirPath, os.ModePerm)
 
-	// Copy uploaded files into repository.
+	// Copy uploaded files into repository
 	for _, upload := range uploads {
 		tmpPath := upload.LocalPath()
-		targetPath := path.Join(dirPath, upload.Name)
 		if !com.IsFile(tmpPath) {
 			continue
 		}
 
+		// Prevent copying files into .git directory, see https://github.com/gogs/gogs/issues/5558.
+		if strings.HasPrefix(upload.Name, ".git/") {
+			continue
+		}
+
+		targetPath := path.Join(dirPath, upload.Name)
 		if err = com.Copy(tmpPath, targetPath); err != nil {
 			return fmt.Errorf("copy: %v", err)
 		}