gogs.git
Gogs is a painless self-hosted Git service
author
Unknwon <u@gogs.io>
2016-05-06 15:40:41 -0400
committer
Unknwon <u@gogs.io>
2016-05-06 15:40:41 -0400
commit
0a78d99a4db96c5181678acc46ca3dcc0d10c2b2
tree
36c4c3883437f2153a012519d290d2a055a42397
/
models/release.go
parent
3df8eb60e3227b4cff671e4714d262603b82943b
models/release: filter input to prevent command line argument vulnerability
Diffstat
(limited to 'models/release.go')
-rw-r--r--
models/release.go
2
1 files changed, 2 insertions, 0 deletions
diff --git a/models/release.go b/models/release.go
index 69ce6c13..026ab8ff 100644
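--- a/models/release.go
+++ b/models/release.go
@@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
 return fmt.Errorf("GetBranchCommit: %v", err)
 }
+ // Trim '--' prefix to prevent command line argument vulnerability
+ rel.TagName = strings.TrimPrefix(rel.TagName, "--")
 if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
 return err
 }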
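Review bot: The added `strings.TrimPrefix(rel.TagName, "--")` strips only one leading `--`, so a tag name that begins with a single `-`, or with more than two dashes, still starts with a dash when it reaches `gitRepo.CreateTag` and may still be parsed as an option by the underlying git command. Rejecting the name is safer than rewriting it, and also avoids storing a tag name that differs from what the user submitted: `if strings.HasPrefix(rel.TagName, "-") { return fmt.Errorf("tag name %q must not start with '-'", rel.TagName) }`. How `CreateTag` builds its argument list is not visible here; if it invokes git, placing an end-of-options `--` before the name there would close the gap for every caller. `createTag` starts and ends outside this hunk.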