models/repo_editor: ignore copying files with '.git/' path prefix (#5558)

author: Unknwon <u@gogs.io> 2018-12-19 23:09:32 -0500
committer: Unknwon <u@gogs.io> 2018-12-19 23:09:32 -0500
commit: 1f11c1f71a314a85ab09b75f10a527a351020144 (patch)
tree: 17b48f0e00ed176894b4db8262cbb78abfa4b086 /models/repo_editor.go
parent: 8c8c37a66b4cef6fc8a995ab1b4fd6e530c49c51 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/models/repo_editor.go b/models/repo_editor.go
index a302a8de..33887f93 100644
--- a/models/repo_editor.go
+++ b/models/repo_editor.go
@@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"path"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/Unknwon/com"
@@ -467,14 +468,19 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
 	dirPath := path.Join(localPath, opts.TreePath)
 	os.MkdirAll(dirPath, os.ModePerm)
 
-	// Copy uploaded files into repository.
+	// Copy uploaded files into repository
 	for _, upload := range uploads {
 		tmpPath := upload.LocalPath()
-		targetPath := path.Join(dirPath, upload.Name)
 		if !com.IsFile(tmpPath) {
 			continue
 		}
 
+		// Prevent copying files into .git directory, see https://github.com/gogs/gogs/issues/5558.
+		if strings.HasPrefix(upload.Name, ".git/") {
+			continue
+		}
+
+		targetPath := path.Join(dirPath, upload.Name)
 		if err = com.Copy(tmpPath, targetPath); err != nil {
 			return fmt.Errorf("copy: %v", err)
 		}
author	Unknwon <u@gogs.io>	2018-12-19 23:09:32 -0500
committer	Unknwon <u@gogs.io>	2018-12-19 23:09:32 -0500
commit	1f11c1f71a314a85ab09b75f10a527a351020144 (patch)
tree	17b48f0e00ed176894b4db8262cbb78abfa4b086 /models/repo_editor.go
parent	8c8c37a66b4cef6fc8a995ab1b4fd6e530c49c51 (diff)