pkg/tool: improve SanitizePath (#5558)

pull/5340/head^2
Unknwon 2018-12-18 01:38:08 -05:00
parent 86ada87529
commit ff93d9dbda
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
4 changed files with 6 additions and 3 deletions


@ -16,7 +16,7 @@ import (
"github.com/gogs/gogs/pkg/setting"
)
const APP_VER = "0.11.81.1217"
const APP_VER = "0.11.82.1218"
func init() {
setting.AppVer = APP_VER


@ -17,5 +17,7 @@ func IsSameSiteURLPath(url string) bool {
// SanitizePath sanitizes user-defined file paths to prevent remote code execution.
func SanitizePath(path string) string {
return strings.TrimLeft(path, "./")
path = strings.TrimLeft(path, "/")
path = strings.Replace(path, "../", "", -1)
return path
}
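Review bot: The single-pass `strings.Replace(path, "../", "", -1)` on the new side is bypassable: `....//etc/passwd` becomes `../etc/passwd` (removing the inner `../` leaves a fresh one), `..//etc/passwd` becomes the absolute `/etc/passwd` because the leading-slash trim runs before the replacement, and a trailing `..` segment (`data/..`) or a Windows `..\` separator is not touched at all. Lexical normalization is the safer primitive: rename the parameter so it no longer shadows the `path` package, then `return strings.TrimLeft(path.Clean("/"+p), "/")` (with `import "path"`) — anchoring at `/` makes every `..` collapse and the result can never climb above the base. If Windows-style input is expected, fold backslashes first with `strings.Replace(p, "\\", "/", -1)`, since `path.Clean` treats `\` as an ordinary byte. The doc comment's "remote code execution" also undersells the actual threat; `// SanitizePath lexically collapses a user-supplied relative path so it cannot escape its base directory (path traversal).` is more precise.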


@ -38,6 +38,7 @@ func Test_SanitizePath(t *testing.T) {
expect string
}{
{"../../../../../../../../../data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
{"data/gogs/../../../../../../../../../data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
{"data/sessions/a/9/a9f0ab6c3ef63dd8", "data/sessions/a/9/a9f0ab6c3ef63dd8"},
}
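Review bot: The added table row only exercises a run of `../` that a single non-overlapping replacement strips cleanly, so an input that survives one pass would not be caught here. Add rows such as `{"....//data/gogs/conf/app.ini", "data/gogs/conf/app.ini"}` and `{"..//data/gogs/conf/app.ini", "data/gogs/conf/app.ini"}`, and a trailing-segment case like `{"data/gogs/..", "data"}`, so the expectations pin what a correct sanitizer must return rather than what the current one happens to produce. The closing brace at the end of the hunk ends the table literal; the loop that drives `Test_SanitizePath` continues outside the hunk.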


@ -1 +1 @@
0.11.81.1217
0.11.82.1218