From 5f1f1bb5ed3c9916f11016942b9f553ef4fb72a9 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 25 Dec 2018 09:45:20 -0500
Subject: pkg/tool/path: use IsMaliciousPath to replace SanitizePath (#5558)

---
 models/repo_editor.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'models')

diff --git a/models/repo_editor.go b/models/repo_editor.go
index 33887f93..62914c6d 100644
--- a/models/repo_editor.go
+++ b/models/repo_editor.go
@@ -327,9 +327,13 @@ func (upload *Upload) LocalPath() string {
 
 // NewUpload creates a new upload object.
 func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error) {
+ if tool.IsMaliciousPath(name) {
+ return nil, fmt.Errorf("malicious path detected: %s", name)
+ }
+
 upload := &Upload{
 UUID: gouuid.NewV4().String(),
- Name: tool.SanitizePath(name),
+ Name: name,
 }
 
 localPath := upload.LocalPath()
-- 
cgit v1.2.3
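Review bot: With `Name: name` now stored verbatim, the `tool.IsMaliciousPath(name)` check at the top of NewUpload becomes the only guard on a presumably client-supplied file name before later code uses `upload.Name`. Its definition is not part of this diff, so confirm that it rejects absolute paths and `..` segments written with either `/` or `\`, and pin those cases with table tests. The error also formats the untrusted name with `%s`; `return nil, fmt.Errorf("malicious path detected: %q", name)` would keep newlines and control characters out of logs and responses. NewUpload's body continues past the end of the hunk, so how `Name` is consumed is not visible here.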