security: fix path cleanup for repository init and editor (#5207)

Reported by Kacper Szurek https://security.szurek.pl/.
author: Lauris BH <lauris@nix.lv> 2018-05-08 21:32:49 +0300
committer: 无闻 <u@gogs.io> 2018-05-08 14:32:49 -0400
commit: eccc8109c170315ec6bfe362fcabc87e1348b65f (patch)
tree: bdc53c45dfb1b937314102336b1e895c2a69122d /models
parent: 2fabcd0455c4e91d5cbd2ad70b751d78034f625a (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/models/repo.go b/models/repo.go
index 6ed7cd18..827c9aaf 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -854,7 +854,7 @@ type CreateRepoOptions struct {
 }
 
 func getRepoInitFile(tp, name string) ([]byte, error) {
-	relPath := path.Join("conf", tp, strings.TrimLeft(name, "./"))
+	relPath := path.Join("conf", tp, strings.TrimLeft(path.Clean("/"+name), "/"))
 
 	// Use custom file when available.
 	customPath := path.Join(setting.CustomPath, relPath)
diff --git a/models/wiki.go b/models/wiki.go
index 24d07938..7e085d0a 100644
--- a/models/wiki.go
+++ b/models/wiki.go
@@ -33,7 +33,7 @@ func ToWikiPageURL(name string) string {
 // that are not belong to wiki repository.
 func ToWikiPageName(urlString string) string {
 	name, _ := url.QueryUnescape(urlString)
-	return strings.Replace(strings.TrimLeft(name, "./"), "/", " ", -1)
+	return strings.Replace(strings.TrimLeft(path.Clean("/"+name), "/"), "/", " ", -1)
 }
 
 // WikiCloneLink returns clone URLs of repository wiki.
author	Lauris BH <lauris@nix.lv>	2018-05-08 21:32:49 +0300
committer	无闻 <u@gogs.io>	2018-05-08 14:32:49 -0400
commit	eccc8109c170315ec6bfe362fcabc87e1348b65f (patch)
tree	bdc53c45dfb1b937314102336b1e895c2a69122d /models
parent	2fabcd0455c4e91d5cbd2ad70b751d78034f625a (diff)