author | Unknwon <u@gogs.io> | 2018-12-25 09:45:20 -0500 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2018-12-25 09:47:33 -0500 |
commit | 5f1f1bb5ed3c9916f11016942b9f553ef4fb72a9 (patch) | |
tree | 626d65ac7a5e9f10a3c36ed1650a1457af5cc42c /models | |
parent | 9ff2df78f02fb09106b33beb7e4c644f86c30c6f (diff) |
pkg/tool/path: use IsMaliciousPath to replace SanitizePath (#5558)
Diffstat (limited to 'models')
-rw-r--r-- | models/repo_editor.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/models/repo_editor.go b/models/repo_editor.go
index 33887f93..62914c6d 100644
--- a/models/repo_editor.go
+++ b/models/repo_editor.go
@@ -327,9 +327,13 @@ func (upload *Upload) LocalPath() string {
 // NewUpload creates a new upload object.
 func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error) {
+ if tool.IsMaliciousPath(name) {
+ return nil, fmt.Errorf("malicious path detected: %s", name)
+ }
+
 upload := &Upload{
 UUID: gouuid.NewV4().String(),
- Name: tool.SanitizePath(name),
+ Name: name,
 }
 localPath := upload.LocalPath()
|
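Review bot: The rejection branch formats the client-supplied `name` with `%s`, so a filename containing newlines or control characters lands verbatim in whatever log or response carries this error; `return nil, fmt.Errorf("malicious path detected: %q", name)` keeps it quoted and escaped. Because `Name: name` now stores the value unmodified instead of passing it through `SanitizePath`, every later use of `upload.Name` in a filesystem path relies on `tool.IsMaliciousPath` alone, and that function is outside this diff (limited to `models`), so it is worth confirming it also rejects absolute paths and backslash-separated traversal, not only `../`. A short comment above the check, such as `// name is client-controlled; reject traversal here because Name is stored as-is`, would record why the guard must stay ahead of the struct literal. NewUpload's body continues past the end of the hunk.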