Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean Path in Options #23006

Merged
merged 4 commits into from
Mar 8, 2023
Merged

Clean Path in Options #23006

merged 4 commits into from
Mar 8, 2023

Conversation

JakobDev
Copy link
Contributor

At the Moment it is possible to read files in another Directory as supposed using the Options functions. e.g. options.Gitignore("../label/Default) . This was discovered while working on #22783, which exposes options.Gitignore() through the public API. At the moment, this is not a security problem, as this function is only used internal, but I thought it would be a good idea to make a PR to fix this for all types of Options files, not only Gitignore, to make it safe for the further. This PR should be merged before the linked PR.

@JakobDev JakobDev mentioned this pull request Feb 20, 2023
Merged
@wxiaoguang wxiaoguang mentioned this pull request Mar 8, 2023
Merged
@wolfogre wolfogre added the type/enhancement An improvement of existing functionality label Mar 8, 2023
@wolfogre wolfogre added this to the 1.20.0 milestone Mar 8, 2023
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Mar 8, 2023
wolfogre
wolfogre reviewed Mar 8, 2023
View reviewed changes
modules/options/dynamic.go Outdated Show resolved Hide resolved
wolfogre
wolfogre reviewed Mar 8, 2023
View reviewed changes
modules/options/dynamic.go Outdated Show resolved Hide resolved
modules/options/dynamic.go Outdated Show resolved Hide resolved
modules/options/dynamic.go Outdated Show resolved Hide resolved
modules/options/static.go Outdated Show resolved Hide resolved
modules/options/static.go Outdated Show resolved Hide resolved
modules/options/static.go Outdated Show resolved Hide resolved
modules/options/static.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 8, 2023
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Mar 8, 2023
@codecov-commenter
Copy link

codecov-commenter commented Mar 8, 2023
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (main@7e3b7c2). Click here to learn what that means.
The diff coverage is 100.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@           Coverage Diff           @@
##             main   #23006   +/-   ##
=======================================
  Coverage        ?   47.55%           
=======================================
  Files           ?     1148           
  Lines           ?   151203           
  Branches        ?        0           
=======================================
  Hits            ?    71902           
  Misses          ?    70789           
  Partials        ?     8512
Impacted Files Coverage Δ
modules/options/dynamic.go 47.88% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@wolfogre wolfogre merged commit a12f575 into go-gitea:main Mar 8, 2023
@wolfogre wolfogre removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Mar 8, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Mar 9, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
62af2dc 
* giteaofficial/main:
  Test renderReadmeFile (go-gitea#23185)
  [skip ci] Updated translations via Crowdin
  Set `X-Gitea-Debug` header once (go-gitea#23361)
  Improve cache context (go-gitea#23330)
  add user visibility in dashboard navbar (go-gitea#22747)
  Fix panic when getting notes by ref (go-gitea#23372)
  Use CleanPath instead of path.Clean (go-gitea#23371)
  Reduce duplicate and useless code in options (go-gitea#23369)
  Clean Path in Options (go-gitea#23006)
  Do not recognize text files as audio (go-gitea#23355)
  Fix incorrect display for comment context menu  (go-gitea#23343)

# Conflicts:
#	templates/repo/issue/view_content/context_menu.tmpl
silverwind pushed a commit that referenced this pull request Apr 26, 2023
@JakobDev
Add API for License templates (#23009)
fb37eef 
This adds a API for getting License templates. This tries to be as close
to the [GitHub
API](https://docs.github.com/en/rest/licenses?apiVersion=2022-11-28) as
possible, but Gitea does not support all features that GitHub has. I
think they should been added, but this out f the scope of this PR. You
should merge #23006 before this PR for security reasons.
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
@JakobDev JakobDev deleted the optionspathclean branch September 13, 2023 07:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wolfogre wolfogre wolfogre approved these changes

@lunny lunny lunny approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.20.0
Development

Successfully merging this pull request may close these issues.
5 participants
@JakobDev @codecov-commenter @lunny @wolfogre @GiteaBot