authorUnknwon <u@gogs.io>2017-03-07 14:07:20 -0500
committerUnknwon <u@gogs.io>2017-03-07 14:07:20 -0500
commite6dbfd918c8d68c29c01bf2617321b037393ada1 (patch)
tree682c0cee223659782ba6e44cef65b1cfce67f5dc
parentc2f0711db04af5418b1348f7a166e667fd995003 (diff)
security: fix vulnerability in changing username
Reported by João Arnaut.
-rw-r--r--gogs.go2
-rw-r--r--modules/form/user.go2
-rw-r--r--templates/.VERSION2
-rw-r--r--templates/user/settings/profile.tmpl2
4 files changed, 4 insertions, 4 deletions
diff --git a/gogs.go b/gogs.go
index de878e50..bdf8c163 100644
--- a/gogs.go
+++ b/gogs.go
@@ -16,7 +16,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-const APP_VER = "0.10.7.0306"
+const APP_VER = "0.10.8.0307"
func init() {
setting.AppVer = APP_VER
diff --git a/modules/form/user.go b/modules/form/user.go
index c7d7a3d6..a7a34925 100644
--- a/modules/form/user.go
+++ b/modules/form/user.go
@@ -90,7 +90,7 @@ func (f *SignIn) Validate(ctx *macaron.Context, errs binding.Errors) binding.Err
// \/ \/ \/ \/ \/
type UpdateProfile struct {
- Name string `binding:"OmitEmpty;MaxSize(35)"`
+ Name string `binding:"Required;AlphaDashDot;MaxSize(35)"`
FullName string `binding:"MaxSize(100)"`
Email string `binding:"Required;Email;MaxSize(254)"`
Website string `binding:"Url;MaxSize(100)"`
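Review bot: The stricter `Name` rule lives only in this form's binding tag on `UpdateProfile`, so it protects this one form; any other path that can set or change a username (none is visible in this hunk) needs the same rule, ideally enforced once in the model layer rather than per form. `AlphaDashDot` also still accepts dot-only values such as `..`, so if the name is later used to build a filesystem path the handler should reject those explicitly; I cannot tell from here whether it does. I would add a comment above the field so the tag is not loosened again: `// Name must stay Required;AlphaDashDot: accepting arbitrary characters here was a security bug.` The struct continues past the end of the hunk.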
diff --git a/templates/.VERSION b/templates/.VERSION
index b4e31462..45f831e3 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.10.7.0306 \ No newline at end of file
+0.10.8.0307 \ No newline at end of file
diff --git a/templates/user/settings/profile.tmpl b/templates/user/settings/profile.tmpl
index a42d9c49..a41811be 100644
--- a/templates/user/settings/profile.tmpl
+++ b/templates/user/settings/profile.tmpl
@@ -25,7 +25,7 @@
</div>
<div class="required field {{if .Err_Email}}error{{end}}">
<label for="email">{{.i18n.Tr "email"}}</label>
- <input id="email" name="email" value="{{.SignedUser.Email}}">
+ <input id="email" name="email" value="{{.SignedUser.Email}}" required>
</div>
<div class="field {{if .Err_Website}}error{{end}}">
<label for="website">{{.i18n.Tr "settings.website"}}</label>