Diffstat (limited to 'models')
-rw-r--r-- | models/repo_editor.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/models/repo_editor.go b/models/repo_editor.go
index 33887f93..62914c6d 100644
--- a/models/repo_editor.go
+++ b/models/repo_editor.go
@@ -327,9 +327,13 @@ func (upload *Upload) LocalPath() string {
 // NewUpload creates a new upload object.
 func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error) {
+ if tool.IsMaliciousPath(name) {
+ return nil, fmt.Errorf("malicious path detected: %s", name)
+ }
+
 upload := &Upload{
 UUID: gouuid.NewV4().String(),
- Name: tool.SanitizePath(name),
+ Name: name,
 }
 localPath := upload.LocalPath() |
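Review bot: The new guard at the top of NewUpload formats the rejected file name with `%s`, and that name appears to come straight from the upload request, so any newlines or control characters in it reach whatever logs or displays this error; `return nil, fmt.Errorf("malicious path detected: %q", name)` would quote it. Since `Name` is now stored as received rather than passed through `tool.SanitizePath`, path safety for uploads depends entirely on `tool.IsMaliciousPath`, whose body is not part of this hunk. It is worth confirming that it rejects absolute paths and `..` segments written with either `/` or `\`, and adding a NewUpload test that covers such names. NewUpload's body continues past the end of the hunk.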