domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Use CleanPath instead of path.Clean (#23371)

Browse source 
As title.
This commit is contained in:
Lunny Xiao 2023-03-08 20:17:39 +08:00 committed by GitHub
parent 090e753923
commit b116418f05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 45 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

4
services/migrations/gitea_uploader.go
View file

@ -9,7 +9,6 @@ import (
"fmt"
"io"
"os"
"path"
"path/filepath"
"strconv"
"strings"
@ -30,6 +29,7 @@ import (
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/uri"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/pull"
"github.com/google/uuid"
@ -866,7 +866,7 @@ func (g *GiteaLocalUploader) CreateReviews(reviews ...*base.Review) error {
}
// SECURITY: The TreePath must be cleaned!
comment.TreePath = path.Clean("/" + comment.TreePath)[1:]
comment.TreePath = util.CleanPath(comment.TreePath)
var patch string
reader, writer := io.Pipe()