From ce1ec81d6fa4b9531eee8c51a6ce1a095ea9beb2 Mon Sep 17 00:00:00 2001
From: ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
Date: Wed, 19 Feb 2020 23:45:02 +0800
Subject: repo/editor: clean up tree path

Fixes a security issue reported by @zeripath.
---
 internal/pathutil/pathutil.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 internal/pathutil/pathutil.go

(limited to 'internal/pathutil/pathutil.go')

diff --git a/internal/pathutil/pathutil.go b/internal/pathutil/pathutil.go
new file mode 100644
index 00000000..6a7286e1
--- /dev/null
+++ b/internal/pathutil/pathutil.go
@@ -0,0 +1,15 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pathutil
+
+import (
+	"path"
+	"strings"
+)
+
+// Clean cleans up given path and returns a relative path that goes straight down.
+func Clean(p string) string {
+	return strings.Trim(path.Clean("/"+p), "/")
+}
-- 
cgit v1.2.3