From 0a78d99a4db96c5181678acc46ca3dcc0d10c2b2 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Fri, 6 May 2016 15:40:41 -0400
Subject: models/release: filter input to prevent command line argument vulnerability
---
 models/release.go | 2 ++
 1 file changed, 2 insertions(+) (limited to 'models/release.go')
diff --git a/models/release.go b/models/release.go
index 69ce6c13..026ab8ff 100644
--- a/models/release.go
+++ b/models/release.go
@@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
 return fmt.Errorf("GetBranchCommit: %v", err)
 }
+ // Trim '--' prefix to prevent command line argument vulnerability
+ rel.TagName = strings.TrimPrefix(rel.TagName, "--")
 if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
 return err
 }
-- 
cgit v1.2.3
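Review bot: The added `strings.TrimPrefix(rel.TagName, "--")` strips a single leading `--`, so a tag name that still starts with `-` after one trim (more than two leading dashes, or a single-dash short option) reaches `gitRepo.CreateTag` unchanged in kind. Rejecting the input is safer than rewriting it silently: `if strings.HasPrefix(rel.TagName, "-") { return fmt.Errorf("invalid tag name %q", rel.TagName) }`, or at minimum `rel.TagName = strings.TrimLeft(rel.TagName, "-")` followed by an empty-name check. The trim also changes the name after any earlier existence check on the untrimmed value; createTag begins and ends outside this hunk, so that ordering should be confirmed there. The durable fix is probably in the git wrapper itself, which is not visible here: pass the name after an end-of-options `--` separator so no caller depends on sanitising it.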