diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | internal/assets/templates/templates.go | 1 | ||||
| -rw-r--r-- | internal/mailer/mail.go | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 928efbc5..746173cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ All notable changes to Gogs are documented in this file. ### Fixed +- [Security] Potential open redirection with i18n. - [Security] Potential RCE on mirror repositories. [#5767](https://github.com/gogs/gogs/issues/5767) - [Security] Potential XSS attack with raw markdown API. [#5907](https://github.com/gogs/gogs/pull/5907) - Open/close milestone redirects to a 404 page. [#5677](https://github.com/gogs/gogs/issues/5677) diff --git a/internal/assets/templates/templates.go b/internal/assets/templates/templates.go index 91d13f39..eb493d28 100644 --- a/internal/assets/templates/templates.go +++ b/internal/assets/templates/templates.go @@ -65,6 +65,7 @@ func NewTemplateFileSystem(dir, customDir string) macaron.TemplateFileSystem { panic(err) } + name = strings.TrimPrefix(name, dir) ext := path.Ext(name) name = strings.TrimSuffix(name, ext) files = append(files, macaron.NewTplFile(name, data, ext)) diff --git a/internal/mailer/mail.go b/internal/mailer/mail.go index 83f7b44f..1cb01a57 100644 --- a/internal/mailer/mail.go +++ b/internal/mailer/mail.go @@ -43,6 +43,7 @@ func render(tpl string, data map[string]interface{}) (string, error) { opt := &macaron.RenderOptions{ Directory: path.Join(setting.StaticRootPath, "templates/mail"), AppendDirectories: []string{path.Join(setting.CustomPath, "templates/mail")}, + Extensions: []string{".tmpl", ".html"}, Funcs: []template.FuncMap{map[string]interface{}{ "AppName": func() string { return setting.AppName |